Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)

High Nessus Plugin ID 14071


The remote Mandrake Linux host is missing one or more security updates.


Several vulnerabilities were discovered by blexim(at) in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients.

As well, some bugs were fixed in XFree86 as released with Mandrake Linux 9.2, specifically a problem where X would freeze with a black screen at logout or shutdown with DRI enabled on certain ATI Radeon cards.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 14071

File Name: mandrake_MDKSA-2003-089.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:X11R6-contrib, p-cpe:/a:mandriva:linux:XFree86, p-cpe:/a:mandriva:linux:XFree86-100dpi-fonts, p-cpe:/a:mandriva:linux:XFree86-75dpi-fonts, p-cpe:/a:mandriva:linux:XFree86-Xnest, p-cpe:/a:mandriva:linux:XFree86-Xvfb, p-cpe:/a:mandriva:linux:XFree86-cyrillic-fonts, p-cpe:/a:mandriva:linux:XFree86-devel, p-cpe:/a:mandriva:linux:XFree86-doc, p-cpe:/a:mandriva:linux:XFree86-glide-module, p-cpe:/a:mandriva:linux:XFree86-libs, p-cpe:/a:mandriva:linux:XFree86-server, p-cpe:/a:mandriva:linux:XFree86-static-libs, p-cpe:/a:mandriva:linux:XFree86-xfs, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/09/11

Reference Information

CVE: CVE-2003-0730

MDKSA: 2003:089