rPath alert rPSA-2007-0205-1 (x11)

From:
    	     
 
rPath Update Announcements <announce-noreply@rpath.com>
To:
    	     
 
security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:
    	     
 
rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools
 xorg-x11-xfs
Date:
    	     
 
Wed, 03 Oct 2007 15:41:43 -0400
Message-ID:
    	     
 
<4703f077.LepTqXfrgufa0fMU%announce-noreply@rpath.com>
Cc:
    	     
 
full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org,
 bugtraq@securityfocus.com, lwn@lwn.net
rPath Security Advisory: 2007-0205-1
Published: 2007-10-03
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Local System User Deterministic Privilege Escalation
Updated Versions:
    xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
    xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
    xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1
    xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.11-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-1756

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4989
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990

Description:
    Previous versions of the xorg-x11 package contain multiple
    vulnerabilities in the xfs font server in which integer and heap
    overflows may allow a local attacker to execute arbitrary code with
    elevated privileges (as the "xfs" user on rPath Linux systems).

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html