Description: | Description:
The remote host is missing updates announced in advisory FLSA-2005:2314.
Note that some of these issues have already been fixed in Redhat 9 and Fedora Core 1. Please refer to previous advisories for details.
iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0083 and CVE-2004-0084 to these issues.
Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0106 to these issues.
Steve Rumble discovered that xdm in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0419 to these issues.
During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, CVE-2004-0692 and CVE-2004-0914 to these issues.
Affected platforms: Redhat 7.3 Redhat 9 Fedora Core 1
Solution: https://secure1.securityspace.com/smysecure/catid.html?in=FLSA-2005:2314
Risk factor : Critical
CVSS Score: 10.0
|