Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200701-25] X.Org X server: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary X.Org X server: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200701-25
(X.Org X server: Multiple vulnerabilities)
Multiple memory corruption vulnerabilities have been found in the
ProcDbeGetVisualInfo() and ProcDbeSwapBuffers() functions of the DBE
extension, and in ProcRenderAddGlyphs() in the Render extension.
Impact
A local attacker could execute arbitrary code with the rights of
the user running the X server, typically root.
Workaround
Disable the dbe and render extensions by removing the "Load dbe" and
"Load render" directives in the Module section of xorg.conf.
Note: This could affect the functionality of some applications.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
Solution:
All X.Org X server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.1-r4"
Threat Level: Medium