Summary
The remote host is missing an update to xfree86-1 announced via advisory DSA 030-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20030-1
Insight
Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have noted a number of problems in several components of the X Window System sample implementation (from which XFree86 is derived). While there are no known reports of real-world malicious exploits of any of these problems, it is nevertheless suggested that you upgrade your XFree86 packages immediately.
The scope of this advisory is XFree86 3.3.6 only, since that is the version released with Debian GNU/Linux 2.2 ('potato'); Debian packages of XFree86 4.0 and later have not been released as part of a Debian distribution.
Several people are responsible for authoring the fixes to these problems, including Aaron Campbell, Paulo Cesar Pereira de Andrade, Keith Packard, David Dawes, Matthieu Herrb, Trevor Johnson, Colin Phipps, and Branden Robinson.
For a more detailed description of the problems addressed, please visit the referenced security advisory.
These problems have been fixed in version 3.3.6-11potato32 and we recommend that you upgrade your X packages immediately.
Severity
Classification
-
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Debian Security Advisory DSA 1033-1 (horde3)
- Debian Security Advisory DSA 087-1 (wu-ftpd)
- Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
- Debian Security Advisory DSA 089-1 (icecast-server)
- Debian Security Advisory DSA 047-1 (various kernel packages)