[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RHN Errata Alert: Important: XFree86 security update

Subject: RHN Errata Alert: Important: XFree86 security update
From: Red Hat Network Alert <dev-null@rhn.redhat.com>
Date: Sat, 14 Jun 2008 09:37:51 -0400

Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/rhn/errata/details/Details.do?eid=7195

Security Advisory - RHSA-2008:0502-3
------------------------------------------------------------------------------
Summary:
Important: XFree86 security update

Updated XFree86 packages that fix several security issues are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description:
XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

An input validation flaw was discovered in X.org's Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org's MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)

Users of XFree86 are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


References:
http://www.redhat.com/security/updates/classification/#important
------------------------------------------------------------------------------

-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:

     - select your server name by clicking on its name from the list
       available at the following location, and then schedule an
       errata update for it:
           https://rhn.redhat.com/rhn/systems/SystemList.do

     - run the Update Agent on each affected server.


---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

        URL: https://rhn.redhat.com/rhn/account/UserPreferences.do

You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.


---------------------
Affected Systems List
---------------------
This Errata Advisory may apply to the systems listed below. If you know that
this errata does not apply to a system listed, it might be possible that the
package profile for that server is out of date. In that case you should run
'up2date -p' as root on the system in question to refresh your software profile.

There are 86 affected systems registered in 'Your RHN' (only systems for
which you have explicitly enabled Errata Alerts are shown).

Release   Arch       Profile Name
--------  --------   ------------
3WS       i686       node-xeon-9                             
3WS       i686       node-xeon-11                            
3WS       athlon     node-opteron-1                          
3WS       athlon     node-opteron-2                          
3WS       athlon     node-opteron-3                          
3WS       athlon     node-opteron-4                          
3WS       athlon     node-opteron-5                          
3WS       athlon     node-opteron-7                          
3WS       athlon     node-opteron-8                          
3AS       i686       node-xeon-2                             
3WS       i686       node-xeon-3                             
3WS       i686       node-xeon-5                             
3WS       i686       node-xeon-6                             
3WS       athlon     tw2200node14                            
3WS       i686       bme0                                    
3WS       i686       gen2                                    
3WS       i686       node-xeon-8                             
3WS       i686       node-xeon-4                             
3WS       athlon     node-opteron-6                          
3WS       i686       node-xeon-7                             
3WS       x86_64     opteron4                                


The Red Hat Network Team

This message is being sent by Red Hat Network Alert to:
    RHN user login:        ucidcs

If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
    htts://www.redhat.com/wapps/sso/rhn/lostPassword.html

To cancel these notices, go to:
    https://rhn.redhat.com/rhn/account/UserPreferences.do

Prev by Date: RHN Errata Alert: Important: XFree86 security update
Next by Date: RHN Errata Alert: Important: xorg-x11 security update
Previous by thread: RHN Errata Alert: Important: XFree86 security update
Next by thread: RHN Errata Alert: Updated XFree86 packages are available
Index(es):
- Date
- Thread