Ubuntu Update For Freetype, Libxfont, Xorg, Xorg-server Vulnerabilities USN-448-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-448-1

Solution

Please Install the Updated Packages.

Insight

Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352)

Affected

freetype, libxfont, xorg, xorg-server vulnerabilities on Ubuntu 5.10 , Ubuntu 6.06 LTS , Ubuntu 6.10

Severity

Classification

CVE CVE-2007-1003, CVE-2007-1351, CVE-2007-1352

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for cupsys vulnerabilities USN-598-1
Ubuntu Update for dhcp3 vulnerability USN-1108-1
Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1
Ubuntu Update for apt-listchanges vulnerability USN-572-1
Ubuntu Update for devscripts USN-2084-1

Ubuntu Update for freetype, libxfont, xorg, xorg-server vulnerabilities USN-448-1

Take action and discover your vulnerabilities