LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rPath alert rPSA-2006-0167-1 (x11)



From:
    	      rPath Update Announcements <announce-noreply@rpath.com>


To:
    	      security-announce@lists.rpath.com, update-announce@lists.rpath.com


Subject:
    	      rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools
 xorg-x11-xfs


Date:
    	      Tue, 12 Sep 2006 12:38:50 -0400


Cc:
    	      full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net


rPath Security Advisory: 2006-0167-1
Published: 2006-09-12
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.2-1
    xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.2-1
    xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.2-1
    xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.2-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    https://issues.rpath.com/browse/RPL-614

Description:
    Previous versions of the xorg-x11 package contain a font parsing
    vulnerability that allows users with access to a running X server
    to run arbitrary code as the root user.  Applying this fix to
    affected systems requires restarting the X server.
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds