Test Kennung:	1.3.6.1.4.1.25623.1.0.60255
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2008:022 (xorg-x11)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to xorg-x11 announced via advisory MDVSA-2008:022. Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which if exploited could lead to local privilege escalation (CVE-2007-4730). An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760). A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958). A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427). An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428). Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429). A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server (CVE-2008-0006). The updated packages have been patched to correct these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:022 Risk factor : Critical CVSS Score: 9.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4730 BugTraq ID: 25606 http://www.securityfocus.com/bid/25606 Debian Security Information: DSA-1372 (Google Search) http://www.debian.org/security/2007/dsa-1372 http://security.gentoo.org/glsa/glsa-200710-16.xml http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:178 http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html http://osvdb.org/37726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10430 http://www.redhat.com/support/errata/RHSA-2007-0898.html http://www.securitytracker.com/id?1018665 http://secunia.com/advisories/26743 http://secunia.com/advisories/26755 http://secunia.com/advisories/26763 http://secunia.com/advisories/26823 http://secunia.com/advisories/26859 http://secunia.com/advisories/26897 http://secunia.com/advisories/27147 http://secunia.com/advisories/27179 http://secunia.com/advisories/27228 http://secunia.com/advisories/30161 SuSE Security Announcement: SUSE-SA:2007:054 (Google Search) http://www.novell.com/linux/security/advisories/2007_54_xorg.html http://www.ubuntu.com/usn/usn-514-1 http://www.vupen.com/english/advisories/2007/3098 XForce ISS Database: xorg-composite-bo(36535) https://exchange.xforce.ibmcloud.com/vulnerabilities/36535 Common Vulnerability Exposure (CVE) ID: CVE-2007-5760 BugTraq ID: 27336 http://www.securityfocus.com/bid/27336 BugTraq ID: 27354 http://www.securityfocus.com/bid/27354 Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search) http://www.securityfocus.com/archive/1/487335/100/0/threaded Debian Security Information: DSA-1466 (Google Search) http://www.debian.org/security/2008/dsa-1466 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html http://security.gentoo.org/glsa/glsa-200801-09.xml http://security.gentoo.org/glsa/glsa-200804-05.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646 http://www.mandriva.com/security/advisories?name=MDVSA-2008:023 http://www.mandriva.com/security/advisories?name=MDVSA-2008:025 http://lists.freedesktop.org/archives/xorg/2008-January/031918.html OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008 http://www.openbsd.org/errata41.html#012_xorg OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008 http://www.openbsd.org/errata42.html#006_xorg https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11718 http://www.redhat.com/support/errata/RHSA-2008-0030.html http://www.redhat.com/support/errata/RHSA-2008-0031.html http://securitytracker.com/id?1019232 http://secunia.com/advisories/28273 http://secunia.com/advisories/28532 http://secunia.com/advisories/28535 http://secunia.com/advisories/28536 http://secunia.com/advisories/28539 http://secunia.com/advisories/28540 http://secunia.com/advisories/28543 http://secunia.com/advisories/28550 http://secunia.com/advisories/28584 http://secunia.com/advisories/28592 http://secunia.com/advisories/28616 http://secunia.com/advisories/28693 http://secunia.com/advisories/28718 http://secunia.com/advisories/28843 http://secunia.com/advisories/28885 http://secunia.com/advisories/28941 http://secunia.com/advisories/29707 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1 SuSE Security Announcement: SUSE-SA:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html https://usn.ubuntu.com/571-1/ http://www.vupen.com/english/advisories/2008/0179 http://www.vupen.com/english/advisories/2008/0184 http://www.vupen.com/english/advisories/2008/0497/references XForce ISS Database: xorg-xfree86misc-code-execution(39766) https://exchange.xforce.ibmcloud.com/vulnerabilities/39766 Common Vulnerability Exposure (CVE) ID: CVE-2007-5958 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 27356 http://www.securityfocus.com/bid/27356 https://www.exploit-db.com/exploits/5152 HPdes Security Advisory: HPSBUX02381 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HPdes Security Advisory: SSRT080083 http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10991 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5393 http://www.redhat.com/support/errata/RHSA-2008-0029.html http://secunia.com/advisories/28542 http://secunia.com/advisories/28997 http://secunia.com/advisories/29420 http://secunia.com/advisories/29622 http://secunia.com/advisories/32545 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1 SuSE Security Announcement: SUSE-SR:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/3000 XForce ISS Database: xorg-xsp-information-disclosure(39769) https://exchange.xforce.ibmcloud.com/vulnerabilities/39769 Common Vulnerability Exposure (CVE) ID: CVE-2007-6427 BugTraq ID: 27351 http://www.securityfocus.com/bid/27351 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372 http://secunia.com/advisories/28838 http://secunia.com/advisories/29139 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.vupen.com/english/advisories/2008/0703 XForce ISS Database: xorg-xinput-code-execution(39759) https://exchange.xforce.ibmcloud.com/vulnerabilities/39759 Common Vulnerability Exposure (CVE) ID: CVE-2007-6428 BugTraq ID: 27355 http://www.securityfocus.com/bid/27355 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11754 XForce ISS Database: xorg-togcup-information-disclosure(39761) https://exchange.xforce.ibmcloud.com/vulnerabilities/39761 Common Vulnerability Exposure (CVE) ID: CVE-2007-6429 BugTraq ID: 27350 http://www.securityfocus.com/bid/27350 BugTraq ID: 27353 http://www.securityfocus.com/bid/27353 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045 XForce ISS Database: xorg-evi-bo(39763) https://exchange.xforce.ibmcloud.com/vulnerabilities/39763 XForce ISS Database: xorg-mitshm-overflow(39764) https://exchange.xforce.ibmcloud.com/vulnerabilities/39764 Common Vulnerability Exposure (CVE) ID: CVE-2008-0006 BugTraq ID: 27352 http://www.securityfocus.com/bid/27352 CERT/CC vulnerability note: VU#203220 http://www.kb.cert.org/vuls/id/203220 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html http://jvn.jp/en/jp/JVN88935101/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021 http://www.redhat.com/support/errata/RHSA-2008-0064.html http://secunia.com/advisories/28500 http://secunia.com/advisories/28544 http://secunia.com/advisories/28571 http://secunia.com/advisories/28621 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1 XForce ISS Database: xorg-pcffont-bo(39767) https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.