CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
29.0%
CentOS Errata and Security Advisory CESA-2006:0666
XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.
iDefense reported two integer overflow flaws in the way the XFree86 server
processed CID font files. A malicious authorized client could exploit this
issue to cause a denial of service (crash) or potentially execute arbitrary
code with root privileges on the XFree86 server. (CVE-2006-3739,
CVE-2006-3740)
Users of XFree86 should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075380.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075388.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075412.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075413.html
Affected packages:
XFree86
XFree86-100dpi-fonts
XFree86-75dpi-fonts
XFree86-ISO8859-14-100dpi-fonts
XFree86-ISO8859-14-75dpi-fonts
XFree86-ISO8859-15-100dpi-fonts
XFree86-ISO8859-15-75dpi-fonts
XFree86-ISO8859-2-100dpi-fonts
XFree86-ISO8859-2-75dpi-fonts
XFree86-ISO8859-9-100dpi-fonts
XFree86-ISO8859-9-75dpi-fonts
XFree86-Mesa-libGL
XFree86-Mesa-libGLU
XFree86-Xnest
XFree86-Xvfb
XFree86-base-fonts
XFree86-cyrillic-fonts
XFree86-devel
XFree86-doc
XFree86-font-utils
XFree86-libs
XFree86-libs-data
XFree86-sdk
XFree86-syriac-fonts
XFree86-tools
XFree86-truetype-fonts
XFree86-twm
XFree86-xauth
XFree86-xdm
XFree86-xfs
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0666