xorg security update

2007-09-1920:09:53

CentOS Project

lists.centos.org

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.0%

JSON

CentOS Errata and Security Advisory CESA-2007:0898

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way X.Org’s composite extension handles 32 bit
color depth windows while running in 16 bit color depth mode. If an X.org
server has enabled the composite extension, it may be possible for a
malicious authorized client to cause a denial of service (crash) or
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-4730)

Please note this flaw can only be triggered when using a compositing window
manager. Red Hat Enterprise Linux 4 does not ship with a compositing window
manager.

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076375.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076376.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076393.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076394.html

Affected packages:
xorg-x11
xorg-x11-Mesa-libGL
xorg-x11-Mesa-libGLU
xorg-x11-Xdmx
xorg-x11-Xnest
xorg-x11-Xvfb
xorg-x11-deprecated-libs
xorg-x11-deprecated-libs-devel
xorg-x11-devel
xorg-x11-doc
xorg-x11-font-utils
xorg-x11-libs
xorg-x11-sdk
xorg-x11-tools
xorg-x11-twm
xorg-x11-xauth
xorg-x11-xdm
xorg-x11-xfs

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0898

OSVersionArchitecturePackageVersionFilename
CentOS4ia64xorg-x11< 6.8.2-1.EL.31xorg-x11-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-mesa-libgl< 6.8.2-1.EL.31xorg-x11-Mesa-libGL-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-mesa-libglu< 6.8.2-1.EL.31xorg-x11-Mesa-libGLU-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-xdmx< 6.8.2-1.EL.31xorg-x11-Xdmx-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-xnest< 6.8.2-1.EL.31xorg-x11-Xnest-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-xvfb< 6.8.2-1.EL.31xorg-x11-Xvfb-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-deprecated-libs< 6.8.2-1.EL.31xorg-x11-deprecated-libs-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-deprecated-libs-devel< 6.8.2-1.EL.31xorg-x11-deprecated-libs-devel-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-devel< 6.8.2-1.EL.31xorg-x11-devel-6.8.2-1.EL.31.ia64.rpm
CentOS4ia64xorg-x11-doc< 6.8.2-1.EL.31xorg-x11-doc-6.8.2-1.EL.31.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	4	ia64	xorg-x11	< 6.8.2-1.EL.31	xorg-x11-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-mesa-libgl	< 6.8.2-1.EL.31	xorg-x11-Mesa-libGL-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-mesa-libglu	< 6.8.2-1.EL.31	xorg-x11-Mesa-libGLU-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-xdmx	< 6.8.2-1.EL.31	xorg-x11-Xdmx-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-xnest	< 6.8.2-1.EL.31	xorg-x11-Xnest-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-xvfb	< 6.8.2-1.EL.31	xorg-x11-Xvfb-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-deprecated-libs	< 6.8.2-1.EL.31	xorg-x11-deprecated-libs-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-deprecated-libs-devel	< 6.8.2-1.EL.31	xorg-x11-deprecated-libs-devel-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-devel	< 6.8.2-1.EL.31	xorg-x11-devel-6.8.2-1.EL.31.ia64.rpm
CentOS	4	ia64	xorg-x11-doc	< 6.8.2-1.EL.31	xorg-x11-doc-6.8.2-1.EL.31.ia64.rpm