norm wrote: > On Tue, 03 Oct 2006 08:40:49 -0500 > Jeff Vian <jvian10@xxxxxxxxxxx> wrote: > >> On Mon, 2006-10-02 at 19:58 -0700, norm wrote: >>> On Tue, 03 Oct 2006 10:11:24 +0800 >>> Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote: >>> >>>> norm wrote: >>>>> I recently ran a security scan on my system and the result in >>>>> part was The remote host is missing the patch for the advisory >>>>> FEDORA-2006-172 (xorg-x11-server). It advises me to update my >>>>> system using the latest from Fedora. To the best of my >>>>> knowledge I am running a fully patched system with >>>>> 2.6.17-1.2187_FC5. This is a vulnerability that I understand to >>>>> have been around for a while and I assume in the intervening 6 >>>>> months or so it has been patched. Does anyone know if this >>>>> vulnerability is a false positive? >>>> Is your xorg-x11-server-Xorg 1.0.1-9.fc5.5? >>>> >>> Ed >>> How do I find out if it is? From what I can figure out it is not, >>> but that is only a guess. >>> >> If you have been doing the routine yum updates then it 'should' be up >> to date. >> >> To check it run "rpm -qa xorg-x11-serv\* " and it will tell you what >> versions all the x11 servers are. Mine are >> $ rpm -qa xorg-x11-serv\* >> xorg-x11-server-Xorg-1.0.1-9.fc5.5 >> xorg-x11-server-utils-1.0.1-1.2 >> xorg-x11-server-Xvfb-1.0.1-9.fc5.5 >> xorg-x11-server-sdk-1.0.1-9.fc5.5 >> xorg-x11-server-Xnest-1.0.1-9.fc5.5 >> >> > I catch is I have been yum updates are run regularly. It is because > yum runs regularly that I am surprised it is not uptodate. Other > applications etc are updated regularly by the same process and I assume > are uptodate. > # rpm -qa xorg-x11-serv\* > xorg-x11-server-utils-1.0.1-1.2 > xorg-x11-server-Xorg-1.0.1-9.fc5.5 > no worries mate. looks like it's patched rpm -q --changelog xorg-x11-server-Xorg-1.0.1-9.fc5.5 | grep -i -A4 -B4 cve * Wed Mar 15 2006 Ray Strode <rstrode@xxxxxxxxxx> 1.0.1-9 - CVE-2006-0745 (bug 185084) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745 -- Tony Placilla, RHCT, GSEC anthony_placilla@xxxxxxxx GPG-Key-ID: 1024D/C78F8B64 http://pgp.mit.edu Key fingerprint = A8D5 7AFF CE88 4179 C792 D9A9 F197 2A15 C78F 8B64
