[ MDVSA-2008:021 ] - Updated XFree86 packages fix multiple v

[dude67]

Updated XFree86 packages fix multiple vulnerabilities

A flaw was found in the XFree86 server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).

A memory corruption flaw was found in the XFree86 server's XInput
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially execute arbitrary code with
root privileges on the XFree86 server (CVE-2007-6427).

An information disclosure flaw was found in the XFree86 server's
TOG-CUP extension that could allow a malicious authorized client to
cause a denial of service (crash) or potentially view arbitrary memory
content within the XFree86 server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the XFree86 server's EVI
and MIT-SHM modules that could allow a malicious authorized client
to cause a denial of service (crash) or potentially execute arbitrary
code with the privileges of the XFree86 server (CVE-2007-6429).

A heap-based buffer overflow flaw was found in how the XFree86 server
handled malformed font files that could allow a malicious local user
to potentially execute arbitrary code with the privileges of the
XFree86 server (CVE-2008-0006).

The updated packages have been patched to correct these issues.
_______________________________________________________________________