Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200609-07 (libxfont)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57885

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200609-07 (libxfont)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200609-07.

Some buffer overflows were discovered in the CID font parser, potentially
resulting in the execution of arbitrary code with elevated privileges.

Solution:
All libXfont users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/libXfont-1.2.1'

All monolithic X.org users are advised to migrate to modular X.org.

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200609-07
http://bugs.gentoo.org/show_bug.cgi?id=145513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3740

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3739
BugTraq ID: 19974
http://www.securityfocus.com/bid/19974
Bugtraq: 20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/445812/100/0/threaded
Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search)
http://www.securityfocus.com/archive/1/464268/100/0/threaded
Debian Security Information: DSA-1193 (Google Search)
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200609-07.xml
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305
http://www.redhat.com/support/errata/RHSA-2006-0665.html
http://www.redhat.com/support/errata/RHSA-2006-0666.html
http://securitytracker.com/id?1016828
http://secunia.com/advisories/21864
http://secunia.com/advisories/21889
http://secunia.com/advisories/21890
http://secunia.com/advisories/21894
http://secunia.com/advisories/21900
http://secunia.com/advisories/21904
http://secunia.com/advisories/21908
http://secunia.com/advisories/21924
http://secunia.com/advisories/22080
http://secunia.com/advisories/22141
http://secunia.com/advisories/22332
http://secunia.com/advisories/22560
http://secunia.com/advisories/23033
http://secunia.com/advisories/23899
http://secunia.com/advisories/24636
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
SuSE Security Announcement: SUSE-SR:2006:023 (Google Search)
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.ubuntu.com/usn/usn-344-1
http://www.vupen.com/english/advisories/2006/3581
http://www.vupen.com/english/advisories/2006/3582
http://www.vupen.com/english/advisories/2007/0322
http://www.vupen.com/english/advisories/2007/1171
XForce ISS Database: xorg-server-cidafm-overflow(28899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
Common Vulnerability Exposure (CVE) ID: CVE-2006-3740
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454
http://secunia.com/advisories/23907
XForce ISS Database: xorg-server-scancidfont-overflow(28890)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28890

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57885
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200609-07 (libxfont)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200609-07. Some buffer overflows were discovered in the CID font parser, potentially resulting in the execution of arbitrary code with elevated privileges. Solution: All libXfont users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/libXfont-1.2.1' All monolithic X.org users are advised to migrate to modular X.org. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200609-07 http://bugs.gentoo.org/show_bug.cgi?id=145513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3740 CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3739 BugTraq ID: 19974 http://www.securityfocus.com/bid/19974 Bugtraq: 20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search) http://www.securityfocus.com/archive/1/445812/100/0/threaded Bugtraq: 20070330 VMSA-2007-0002 VMware ESX security updates (Google Search) http://www.securityfocus.com/archive/1/464268/100/0/threaded Debian Security Information: DSA-1193 (Google Search) http://www.debian.org/security/2006/dsa-1193 http://security.gentoo.org/glsa/glsa-200609-07.xml http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412 http://www.mandriva.com/security/advisories?name=MDKSA-2006:164 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305 http://www.redhat.com/support/errata/RHSA-2006-0665.html http://www.redhat.com/support/errata/RHSA-2006-0666.html http://securitytracker.com/id?1016828 http://secunia.com/advisories/21864 http://secunia.com/advisories/21889 http://secunia.com/advisories/21890 http://secunia.com/advisories/21894 http://secunia.com/advisories/21900 http://secunia.com/advisories/21904 http://secunia.com/advisories/21908 http://secunia.com/advisories/21924 http://secunia.com/advisories/22080 http://secunia.com/advisories/22141 http://secunia.com/advisories/22332 http://secunia.com/advisories/22560 http://secunia.com/advisories/23033 http://secunia.com/advisories/23899 http://secunia.com/advisories/24636 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1 SuSE Security Announcement: SUSE-SR:2006:023 (Google Search) http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.ubuntu.com/usn/usn-344-1 http://www.vupen.com/english/advisories/2006/3581 http://www.vupen.com/english/advisories/2006/3582 http://www.vupen.com/english/advisories/2007/0322 http://www.vupen.com/english/advisories/2007/1171 XForce ISS Database: xorg-server-cidafm-overflow(28899) https://exchange.xforce.ibmcloud.com/vulnerabilities/28899 Common Vulnerability Exposure (CVE) ID: CVE-2006-3740 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454 http://secunia.com/advisories/23907 XForce ISS Database: xorg-server-scancidfont-overflow(28890) https://exchange.xforce.ibmcloud.com/vulnerabilities/28890
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com