Fedora Core 3 : xorg-x11-6.8.2-1.FC3.45 (2005-893)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Updated xorg-x11 packages that fix several integer overflows, various
bugs, are now available for Fedora Core 3.

X.Org X11 is an implementation of the X Window System, which provides
the core functionality for the Linux graphical desktop.

Several integer overflow bugs were found in the way X.Org X11 code
parses pixmap images. It is possible for a user to gain elevated
privileges by loading a specially crafted pixmap image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-2495 to this issue.

Additionally, this update contains :

- Support for some newer models of Intel i945 video
chipsets.

- A change to the X server to make it use linux PCI config
space access methods instead of directly touching the
PCI config space registers itself. This prevents the X
server from causing hardware lockups due accessing PCI
config space at the same time the kernel has it locked.
This is the latest revision of the PCI config space
access patches, which fix a few regressions discovered
on some hardware with previous patches.

- A fix for a memory leak in the X server's shadow
framebuffer code.

- A problem with the Dutch keyboard layout has been
resolved.

- The open source 'nv' driver for Nvidia hardware has been
updated to the latest version. Additionally, a
workaround has been added to the driver to disable known
unstable acceleration primitives on some GeForce
6200/6600/6800 models.

- Several bugs have been fixed in the Xnest X server.

- DRI is now enabled by default on all ATI Radeon hardware
except for the Radeon 7000/Radeon VE chipsets, which is
known to be unstable for many users currently when DRI
is enabled. Radeon 7000 users can re-enable DRI if
desired by using Option 'DRI' in the device section of
the config file, with the understanding that we consider
it unstable currently.

- Added missing libFS.so and libGLw.so symlinks to the
xorg-x11-devel package, which were inadvertently left
out, causing apps to link to the static versions of
these libraries.

- Fix xfs.init 'fonts.dir: No such file or directory'
errors

A number of other issues have also been resolved. Please consult the
xorg-x11 rpm changelog for a detailed list.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?99c29075

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 19739 (fedora_2005-893.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2495

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now