Package name
xorg-x11
Date
2006-11-17
Advisory ID
MDKSA-2006:164-1
Affected versions
2007.0 x86_64, 2007.0 i586

Problem description

Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).

Local exploitation of an integer overflow vulnerability in the
'scan_cidfont()' function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3740).

Updated packages are patched to address these issues.

Update:

Updated packages for 2007.0 have been patched (libxfont).

Updated packages

2007.0 x86_64

 236b0e53bb7c9cfa09e50030bb812c1f  2007.0/x86_64/lib64xfont1-1.1.0-4.1mdv2007.0.x86_64.rpm
 6ba1392948b5aa507675bb27a4783ff2  2007.0/x86_64/lib64xfont1-devel-1.1.0-4.1mdv2007.0.x86_64.rpm
 d484c9490f06a16f71faf6fa2f5e1f21  2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.1mdv2007.0.x86_64.rpm
 3af8ee0086a093daef39ec7be078f6e8  2007.0/x86_64/libxfont-debug-1.1.0-4.1mdv2007.0.x86_64.rpm
 be0b07f353c66939d676c139b29d686d  2007.0/SRPMS/libxfont-1.1.0-4.1mdv2007.0.src.rpm

2007.0 i586

 450b96572ecc3cc1a58d596fc578a703  2007.0/i586/libxfont1-1.1.0-4.1mdv2007.0.i586.rpm
 14062b73ca8dc6a1c8d1b7a4f047b1f4  2007.0/i586/libxfont1-devel-1.1.0-4.1mdv2007.0.i586.rpm
 9d594cbb4ce10aa517d1bce91515854b  2007.0/i586/libxfont1-static-devel-1.1.0-4.1mdv2007.0.i586.rpm
 be0b07f353c66939d676c139b29d686d  2007.0/SRPMS/libxfont-1.1.0-4.1mdv2007.0.src.rpm

References