[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: vulnerability ?




norm wrote:
> On Tue, 03 Oct 2006 08:40:49 -0500
> Jeff Vian <jvian10 charter net> wrote:
> 
>> On Mon, 2006-10-02 at 19:58 -0700, norm wrote:
>>> On Tue, 03 Oct 2006 10:11:24 +0800
>>> Ed Greshko <Ed Greshko greshko com> wrote:
>>>
>>>> norm wrote:
>>>>> I recently ran a security scan on my system and the result in
>>>>> part was The remote host is missing the patch for the advisory
>>>>> FEDORA-2006-172 (xorg-x11-server).  It advises me to update my
>>>>> system using the latest from Fedora. To the best of my
>>>>> knowledge I am running a fully patched system with
>>>>> 2.6.17-1.2187_FC5. This is a vulnerability that I understand to
>>>>> have been around for a while and I assume in the intervening 6
>>>>> months or so it has been patched.  Does anyone know if this
>>>>> vulnerability is a false positive?
>>>> Is your xorg-x11-server-Xorg 1.0.1-9.fc5.5?
>>>>
>>> Ed 
>>> How do I find out if it is?  From what I can figure out it is not,
>>> but that is only a guess.
>>>
>> If you have been doing the routine yum updates then it 'should' be up
>> to date.
>>
>> To check it run "rpm -qa xorg-x11-serv\* "  and it will tell you what
>> versions all the x11 servers are.  Mine are
>>         $ rpm -qa xorg-x11-serv\*
>>         xorg-x11-server-Xorg-1.0.1-9.fc5.5
>>         xorg-x11-server-utils-1.0.1-1.2
>>         xorg-x11-server-Xvfb-1.0.1-9.fc5.5
>>         xorg-x11-server-sdk-1.0.1-9.fc5.5
>>         xorg-x11-server-Xnest-1.0.1-9.fc5.5
>>         
>>
> I catch is I have been yum updates are run regularly.  It is because
> yum runs regularly that I am surprised it is not uptodate.  Other
> applications etc are updated regularly by the same process and I assume
> are uptodate.
> # rpm -qa xorg-x11-serv\*
> xorg-x11-server-utils-1.0.1-1.2
> xorg-x11-server-Xorg-1.0.1-9.fc5.5
> 

no worries mate. looks like it's patched

rpm -q --changelog xorg-x11-server-Xorg-1.0.1-9.fc5.5 | grep -i -A4 -B4 cve

* Wed Mar 15 2006 Ray Strode <rstrode redhat com> 1.0.1-9
- CVE-2006-0745 (bug 185084)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745



-- 
Tony Placilla, RHCT, GSEC
anthony_placilla suth com


GPG-Key-ID: 1024D/C78F8B64              http://pgp.mit.edu
Key fingerprint = A8D5 7AFF CE88 4179 C792  D9A9 F197 2A15 C78F 8B64


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]