SuSE Update for XOrg SUSE-SA:2007:054

local privilege escalation
Please Install the Updated Packages.
The Xorg server was updated to fix 2 problems in the X FontServer found in Xorg versions starting with 6.8 and in the Composite extension. SUSE Linux 10.0,10.1, openSUSE 10.2, 10.3 and SUSE Linux Enterprise 10 are affected by these 3 problems, older distributions are not. Following issues were fixed: IDEF2708 / CVE-2007-4989: X Font Server build_range() Integer Overflow Vulnerability. IDEF2709 / CVE-2007-4990: X Font Server swap_char2b() Heap Overflow Vulnerability CVE-2007-4730: A buffer overflow in the Composite extension. These can be exploited by logged in users to potentially execute code in the X server or xfs, which are running as root.
XOrg on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1