Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0031
HistoryJan 18, 2008 - 11:23 p.m.

xorg security update

2008-01-1823:23:09
CentOS Project
lists.centos.org
51

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

88.9%

JSON

CentOS Errata and Security Advisory CESA-2008:0031

X.Org is an open source implementation of the X Window System. It provides
basic low-level functionality that full-fledged graphical user interfaces
are designed upon.

Two integer overflow flaws were found in the X.Org server’s EVI and MIT-SHM
modules. A malicious authorized client could exploit these issues to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-6429)

A memory corruption flaw was found in the X.Org server’s XInput extension.
A malicious authorized client could exploit this issue to cause a denial of
service (crash), or potentially execute arbitrary code with root privileges
on the X.Org server. (CVE-2007-6427)

An input validation flaw was found in the X.Org server’s XFree86-Misc
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-5760)

An information disclosure flaw was found in the X.Org server’s TOG-CUP
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially view arbitrary memory content
within the X server’s address space. (CVE-2007-6428)

A flaw was found in the X.Org server’s XC-SECURITY extension, that could
have allowed a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user.
(CVE-2007-5958)

Users of xorg-x11-server should upgrade to these updated packages, which
contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-January/076782.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076783.html
https://lists.centos.org/pipermail/centos-announce/2008-January/089543.html
https://lists.centos.org/pipermail/centos-announce/2008-January/089544.html

Affected packages:
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-sdk

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0031

OSVersionArchitecturePackageVersionFilename
CentOS5x86_64xorg-x11-server-sdk< 1.1.1-48.26.el5_1.4xorg-x11-server-sdk-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5x86_64xorg-x11-server-xdmx< 1.1.1-48.26.el5_1.4xorg-x11-server-Xdmx-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5x86_64xorg-x11-server-xephyr< 1.1.1-48.26.el5_1.4xorg-x11-server-Xephyr-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5x86_64xorg-x11-server-xnest< 1.1.1-48.26.el5_1.4xorg-x11-server-Xnest-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5x86_64xorg-x11-server-xorg< 1.1.1-48.26.el5_1.4xorg-x11-server-Xorg-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5x86_64xorg-x11-server-xvfb< 1.1.1-48.26.el5_1.4xorg-x11-server-Xvfb-1.1.1-48.26.el5_1.4.x86_64.rpm
CentOS5i386xorg-x11-server-sdk< 1.1.1-48.26.el5_1.4xorg-x11-server-sdk-1.1.1-48.26.el5_1.4.i386.rpm
CentOS5i386xorg-x11-server-xdmx< 1.1.1-48.26.el5_1.4xorg-x11-server-Xdmx-1.1.1-48.26.el5_1.4.i386.rpm
CentOS5i386xorg-x11-server-xephyr< 1.1.1-48.26.el5_1.4xorg-x11-server-Xephyr-1.1.1-48.26.el5_1.4.i386.rpm
CentOS5i386xorg-x11-server-xnest< 1.1.1-48.26.el5_1.4xorg-x11-server-Xnest-1.1.1-48.26.el5_1.4.i386.rpm
Rows per page:
1-10 of 241

Related

openvas 37
nessus 41
oraclelinux 3
debian 3
redhat 3
fedora 2
suse 1
securityvulns 6
ubuntu 2
freebsd 1
osv 1
gentoo 1
altlinux 2
centos 3
cve 5
ubuntucve 5
prion 5
debiancve 5
veracode 5
exploitpack 1
seebug 3
packetstorm 1
exploitdb 1
openvas
openvas
Mandriva Update for x11-server-xgl MDVSA-2008:025 (x11-server-xgl)
2009-04-09 00:00:00
Mandriva Update for x11-server-xgl MDVSA-2008:025 (x11-server-xgl)
2009-04-09 00:00:00
RedHat Update for xorg-x11-server RHSA-2008:0031-01
2009-03-06 00:00:00
nessus
nessus
SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875)
2008-01-21 00:00:00
RHEL 5 : xorg-x11-server (RHSA-2008:0031)
2008-01-18 00:00:00
openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859)
2008-01-18 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2008-01-17 00:00:00
Important: xorg-x11 security update
2008-01-17 00:00:00
Important: XFree86 security update
2008-01-18 00:00:00
debian
debian
[SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
2008-01-17 18:55:05
[SECURITY] [DSA 1466-3] New xfree86 packages fix regression
2008-01-21 18:53:21
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
2008-01-19 13:10:16
redhat
redhat
(RHSA-2008:0031) Important: xorg-x11-server security update
2008-01-17 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
2008-01-22 15:49:43
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
2008-01-22 15:32:21
suse
suse
remote code execution in Xorg and XFree
2008-01-17 15:28:59
securityvulns
securityvulns
XFree86 / X.Org / NX multiple security vulnerabilities
2008-04-08 00:00:00
[USN-571-1] X.org vulnerabilities
2008-01-20 00:00:00
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability
2008-01-20 00:00:00
ubuntu
ubuntu
X.org regression
2008-01-19 00:00:00
X.org vulnerabilities
2008-01-18 00:00:00
freebsd
freebsd
xorg -- multiple vulnerabilities
2008-01-18 00:00:00
osv
osv
libxfont xfree86 xorg-server - several vulnerabilities
2008-01-21 00:00:00
gentoo
gentoo
X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt5
2008-01-17 00:00:00
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt6
2008-01-18 00:00:00
centos
centos
xorg security update
2008-01-18 01:10:07
XFree86 security update
2008-01-20 22:56:55
XFree86 security update
2008-01-18 15:04:04
cve
cve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
ubuntucve
ubuntucve
CVE-2007-5760
2008-01-18 00:00:00
CVE-2007-6428
2008-01-18 00:00:00
CVE-2007-5958
2008-01-18 00:00:00
prion
prion
Design/Logic Flaw
2008-01-18 23:00:00
Cross site request forgery (csrf)
2008-01-18 23:00:00
Design/Logic Flaw
2008-01-18 23:00:00
debiancve
debiancve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:16
Information Disclosure
2020-04-10 00:24:16
Arbitrary Code Execution
2020-04-10 00:24:16
exploitpack
exploitpack
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
seebug
seebug
X.Org xorg-server &lt;= 1.1.1-48.13 Probe for Files Exploit PoC
2008-02-21 00:00:00
X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
2014-07-01 00:00:00
X.Org X Server MIT-SHM及EVI扩展整数溢出漏洞
2008-01-22 00:00:00
packetstorm
packetstorm
xorg-disclose.txt
2008-02-20 00:00:00
exploitdb
exploitdb
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

88.9%

JSON
Related for CESA-2008:0031
openvas37nessus41oraclelinux3debian3redhat3fedora2suse1securityvulns6ubuntu2freebsd1osv1gentoo1altlinux2centos3cve5ubuntucve5prion5debiancve5veracode5exploitpack1seebug3packetstorm1exploitdb1