Mandriva Update For Libxfont MDVSA-2008:024 (libxfont) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server (CVE-2008-0006). The updated packages have been patched to correct this issue.

Affected

libxfont on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2008-0006
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:022 (php)
Mandrake Security Advisory MDVSA-2009:006 (openoffice.org)
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:081 (libsoup)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)

Mandriva Update for libxfont MDVSA-2008:024 (libxfont)

Take action and discover your vulnerabilities