RHEL 2.1 : XFree86 (RHSA-2004:152)

high Nessus Plugin ID 12483

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated XFree86 packages that fix a minor denial of service vulnerability are now available.

XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers.

Flaws in XFree86 4.1.0 allow local or remote attackers who are able to connect to the X server to cause a denial of service via an out-of-bounds array index or integer signedness error when using the GLX extension and Direct Rendering Infrastructure (DRI). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0093 and CVE-2004-0094 to these issues.

These issues do not affect Red Hat Enterprise Linux 3.

All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0093

https://access.redhat.com/security/cve/cve-2004-0094

https://access.redhat.com/errata/RHSA-2004:152

Plugin Details

Severity: High

ID: 12483

File Name: redhat-RHSA-2004-152.nasl

Version: 1.28

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xnest, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-cyrillic-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xfs, p-cpe:/a:redhat:enterprise_linux:xfree86-libs, p-cpe:/a:redhat:enterprise_linux:xfree86-xf86cfg, p-cpe:/a:redhat:enterprise_linux:xfree86-xdm, p-cpe:/a:redhat:enterprise_linux:xfree86-twm, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-100dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-tools, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-100dpi-fonts, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:xfree86, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xvfb, p-cpe:/a:redhat:enterprise_linux:xfree86-devel, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-100dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-doc, p-cpe:/a:redhat:enterprise_linux:xfree86-100dpi-fonts

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 4/21/2004

Vulnerability Publication Date: 3/15/2004

Reference Information

CVE: CVE-2004-0093, CVE-2004-0094

RHSA: 2004:152