Stephan Kulow

**Name of the Vulnerable Software and Affected Versions** XFree86-xf86cfg versions 4.1.0 through 4.2.1 XFree86-base-fonts versions 4.2.1 through 4.3.0 XFree86-font-utils versions 4.2.1 through 4.3.0 XFree86 versions 4.1.0 through 4.3.0 XFree86-Mesa-libGL versions 4.2.1 through 4.3.0 XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.3.0 kdebase-devel version 3.0.5a XFree86-sdk version 4.3.0 XFree86-tools versions 4.1.0 through 4.3.0 XFree86-devel versions 4.1.0 through 4.3.0 XFree86-doc versions 4.1.0 through 4.3.0 XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.3.0 XFree86-100dpi-fonts versions 4.1.0 through 4.3.0 XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.3.0 XFree86-xauth versions 4.2.1 through 4.3.0 XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.3.0 XFree86-ISO8859-9-100dpi-fonts versions 4.1.0 through 4.3.0 xlibosmesa3 xfonts-pex xlib6g xlib6g-dev **Description** The issue is related to multiple vulnerabilities in various packages of the XFree86 and KDE software, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. In the case of KDM in KDE 3.1.3 and earlier, the pam setcred function call is not verified, potentially allowing attackers to gain root privileges under certain conditions. **Recommendations** For XFree86-xf86cfg version 4.2.1, update to a newer version. For XFree86-base-fonts version 4.3.0, update to a newer version. For XFree86-font-utils version 4.3.0, update to a newer version. For XFree86 version 4.3.0, update to a newer version. For XFree86-Mesa-libGL version 4.3.0, update to a newer version. For XFree86-ISO8859-9-75dpi-fonts version 4.3.0, update to a newer version. For kdebase-devel version 3.0.5a, update to a newer version. For XFree86-sdk version 4.3.0, update to a newer version. For XFree86-tools version 4.3.0, update to a newer version. For XFree86-devel version 4.3.0, update to a newer version. For XFree86-doc version 4.3.0, update to a newer version. For XFree86-ISO8859-15-100dpi-fonts version 4.3.0, update to a newer version. For XFree86-100dpi-fonts version 4.3.0, update to a newer version. For XFree86-ISO8859-2-100dpi-fonts version 4.3.0, update to a newer version. For XFree86-xauth version 4.3.0, update to a newer version. For XFree86-ISO8859-15-75dpi-fonts version 4.3.0, update to a newer version. For XFree86-ISO8859-9-100dpi-fonts version 4.3.0, update to a newer version. For xlibosmesa3, update to a newer version. For xfonts-pex, update to a newer version. For xlib6g, update to a newer version. For xlib6g-dev, update to a newer version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.