Issued:: 2007-07-12
Updated:: 2007-07-12

RHSA-2007:0520 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: xorg-x11-xfs security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated X.org packages that address a flaw in the way the X.Org X11 xfs
font server starts are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The X.Org X11 xfs font server provides a standard mechanism for an X server
to communicate with a font renderer.

A temporary file flaw was found in the way the X.Org X11 xfs font server
startup script executes. A local user could modify the permissions of a
file of their choosing, possibly elevating their local privileges.
(CVE-2007-3103)

Users of the X.org X11 xfs font server should upgrade to these updated
packages, which contain a backported patch and are not vulnerable to this
issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 242903 - CVE-2007-3103 init.d xfs script chown race condition vulnerability

CVEs

CVE-2007-3103

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
x86_64
xorg-x11-xfs-1.0.2-4.x86_64.rpm	SHA-256: 77f445cf3343aae3b64c5c7a97deee4b7f7be2c2110fa26a28bb29287a73daab
xorg-x11-xfs-utils-1.0.2-4.x86_64.rpm	SHA-256: f923e9952d3eca662063313a02e8f6ce0ebe0c682ab7ec9eb9c89e84828c3b8e
ia64
xorg-x11-xfs-1.0.2-4.ia64.rpm	SHA-256: 599c3992cabb90608f9f18201caa3d6856742dec7e61926ecbae5f658993153a
xorg-x11-xfs-utils-1.0.2-4.ia64.rpm	SHA-256: 9e625c25ede5bb42d9c6017d0d8f7f978eb4900dda6514f7a4f9985e69600e03
i386
xorg-x11-xfs-1.0.2-4.i386.rpm	SHA-256: 4b4ce91431058a9046e7f031de2c3f5d1cf70bb825d681be6c1f950ae08f9d3f
xorg-x11-xfs-utils-1.0.2-4.i386.rpm	SHA-256: a6bdabdbe6b4d5650a807c05c33c603e93087ee52d632963ce47cc675ceb1633

Red Hat Enterprise Linux Workstation 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
x86_64
xorg-x11-xfs-1.0.2-4.x86_64.rpm	SHA-256: 77f445cf3343aae3b64c5c7a97deee4b7f7be2c2110fa26a28bb29287a73daab
xorg-x11-xfs-utils-1.0.2-4.x86_64.rpm	SHA-256: f923e9952d3eca662063313a02e8f6ce0ebe0c682ab7ec9eb9c89e84828c3b8e
i386
xorg-x11-xfs-1.0.2-4.i386.rpm	SHA-256: 4b4ce91431058a9046e7f031de2c3f5d1cf70bb825d681be6c1f950ae08f9d3f
xorg-x11-xfs-utils-1.0.2-4.i386.rpm	SHA-256: a6bdabdbe6b4d5650a807c05c33c603e93087ee52d632963ce47cc675ceb1633

Red Hat Enterprise Linux Desktop 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
x86_64
xorg-x11-xfs-1.0.2-4.x86_64.rpm	SHA-256: 77f445cf3343aae3b64c5c7a97deee4b7f7be2c2110fa26a28bb29287a73daab
xorg-x11-xfs-utils-1.0.2-4.x86_64.rpm	SHA-256: f923e9952d3eca662063313a02e8f6ce0ebe0c682ab7ec9eb9c89e84828c3b8e
i386
xorg-x11-xfs-1.0.2-4.i386.rpm	SHA-256: 4b4ce91431058a9046e7f031de2c3f5d1cf70bb825d681be6c1f950ae08f9d3f
xorg-x11-xfs-utils-1.0.2-4.i386.rpm	SHA-256: a6bdabdbe6b4d5650a807c05c33c603e93087ee52d632963ce47cc675ceb1633

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
s390x
xorg-x11-xfs-1.0.2-4.s390x.rpm	SHA-256: 257792615f05f7faa5e1597f20bab62e1e94996cc162251611b9e324ac701918
xorg-x11-xfs-utils-1.0.2-4.s390x.rpm	SHA-256: 3cf176aa2df53d7c1c3e92ab93204f1b30e7ecfcda4ca82dbbbd5034ffb060d8

Red Hat Enterprise Linux for Power, big endian 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
ppc
xorg-x11-xfs-1.0.2-4.ppc.rpm	SHA-256: 45ab50afbbb5d896daa459714a015107623a1f915f2be3cb2185589ee86109c5
xorg-x11-xfs-utils-1.0.2-4.ppc.rpm	SHA-256: 20edfb568725d9db3006b079a562a01f145a2b74ca5631513f39878b10d75951

Red Hat Enterprise Linux Server from RHUI 5

SRPM
xorg-x11-xfs-1.0.2-4.src.rpm	SHA-256: 76d5eeac55117e16454f7e12db3e27dc0d1de674b4b4b2ad3cbe305ed5de6fff
x86_64
xorg-x11-xfs-1.0.2-4.x86_64.rpm	SHA-256: 77f445cf3343aae3b64c5c7a97deee4b7f7be2c2110fa26a28bb29287a73daab
xorg-x11-xfs-utils-1.0.2-4.x86_64.rpm	SHA-256: f923e9952d3eca662063313a02e8f6ce0ebe0c682ab7ec9eb9c89e84828c3b8e
i386
xorg-x11-xfs-1.0.2-4.i386.rpm	SHA-256: 4b4ce91431058a9046e7f031de2c3f5d1cf70bb825d681be6c1f950ae08f9d3f
xorg-x11-xfs-utils-1.0.2-4.i386.rpm	SHA-256: a6bdabdbe6b4d5650a807c05c33c603e93087ee52d632963ce47cc675ceb1633

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation