[Technik] [SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Wed Oct 11 10:56:51 CEST 2006
On Monday, 09.10.2006, at 18:58 +0200, Moritz Muehlenhoff wrote:
> Debian Security Advisory DSA 1193-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> October 9th, 2006 http://www.debian.org/security/faq
>
> Package : xfree86
> Vulnerability : several
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2006-3467 CVE-2006-3739 CVE-2006-3740 CVE-2006-4447
xfree86 updated on pima, pomo, yuma, cusa, crow, cree, acoma, h01, h02, h03 and
cupa.
> For the stable distribution (sarge) these problems have been fixed in
> version 4.3.0.dfsg.1-14sarge2. This release lacks builds for the
changelog:
xfree86 (4.3.0.dfsg.1-14sarge2) stable-security; urgency=high
* Security update release. Resolves the following issues:
+ CVE-2006-3467: integer overflow in FreeType before 2.2 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via unknown vectors.
+ CVE-2006-3739: Integer overflow in CIDADM font handling allows
code injection.
+ CVE-2006-3740: Integer overflow in scan_cidfont font handling allows
code injection.
+ CVE-2006-4447: Proper setuid() return value check, prevents potential
privilege escalation.
+ freetype buffer overflow (no known exploits).
-- Frans Pop <fjp at debian.org> Sun, 1 Oct 2006 10:37:26 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org