Beschreibung: | Description:
The remote host is missing an update to xorg-x11 announced via advisory MDVSA-2008:022.
Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which if exploited could lead to local privilege escalation (CVE-2007-4730).
An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760).
A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958).
A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427).
An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428).
Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429).
A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server (CVE-2008-0006).
The updated packages have been patched to correct these issues.
Affected: Corporate 4.0
Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:022
Risk factor : Critical
CVSS Score: 9.3
|