Lucene search

K
centosCentOS ProjectCESA-2008:0502
HistoryJun 12, 2008 - 1:26 p.m.

XFree86 security update

2008-06-1213:26:31
CentOS Project
lists.centos.org
40

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.1%

CentOS Errata and Security Advisory CESA-2008:0502

XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

An input validation flaw was discovered in X.org’s Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org’s Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org’s MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)

Users of XFree86 are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077135.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077136.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077143.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077150.html

Affected packages:
XFree86
XFree86-100dpi-fonts
XFree86-75dpi-fonts
XFree86-ISO8859-14-100dpi-fonts
XFree86-ISO8859-14-75dpi-fonts
XFree86-ISO8859-15-100dpi-fonts
XFree86-ISO8859-15-75dpi-fonts
XFree86-ISO8859-2-100dpi-fonts
XFree86-ISO8859-2-75dpi-fonts
XFree86-ISO8859-9-100dpi-fonts
XFree86-ISO8859-9-75dpi-fonts
XFree86-Mesa-libGL
XFree86-Mesa-libGLU
XFree86-Xnest
XFree86-Xvfb
XFree86-base-fonts
XFree86-cyrillic-fonts
XFree86-devel
XFree86-doc
XFree86-font-utils
XFree86-libs
XFree86-libs-data
XFree86-sdk
XFree86-syriac-fonts
XFree86-tools
XFree86-truetype-fonts
XFree86-twm
XFree86-xauth
XFree86-xdm
XFree86-xfs

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0502

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.1%

Related for CESA-2008:0502