9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.3%
CentOS Errata and Security Advisory CESA-2008:0503
The xorg-x11 packages contain X.Org, an open source implementation of the X
Window System. It provides the basic low-level functionality that
full-fledged graphical user interfaces are designed upon.
An input validation flaw was discovered in X.org’s Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)
Multiple integer overflow flaws were found in X.org’s Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)
An input validation flaw was discovered in X.org’s MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)
Users of xorg-x11 should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077147.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077149.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077206.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077207.html
Affected packages:
xorg-x11
xorg-x11-Mesa-libGL
xorg-x11-Mesa-libGLU
xorg-x11-Xdmx
xorg-x11-Xnest
xorg-x11-Xvfb
xorg-x11-deprecated-libs
xorg-x11-deprecated-libs-devel
xorg-x11-devel
xorg-x11-doc
xorg-x11-font-utils
xorg-x11-libs
xorg-x11-sdk
xorg-x11-tools
xorg-x11-twm
xorg-x11-xauth
xorg-x11-xdm
xorg-x11-xfs
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0503
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | xorg-x11 | < 6.8.2-1.EL.33.0.4 | xorg-x11-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-mesa-libgl | < 6.8.2-1.EL.33.0.4 | xorg-x11-Mesa-libGL-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-mesa-libglu | < 6.8.2-1.EL.33.0.4 | xorg-x11-Mesa-libGLU-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-xdmx | < 6.8.2-1.EL.33.0.4 | xorg-x11-Xdmx-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-xnest | < 6.8.2-1.EL.33.0.4 | xorg-x11-Xnest-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-xvfb | < 6.8.2-1.EL.33.0.4 | xorg-x11-Xvfb-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-deprecated-libs | < 6.8.2-1.EL.33.0.4 | xorg-x11-deprecated-libs-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-deprecated-libs-devel | < 6.8.2-1.EL.33.0.4 | xorg-x11-deprecated-libs-devel-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-devel | < 6.8.2-1.EL.33.0.4 | xorg-x11-devel-6.8.2-1.EL.33.0.4.ia64.rpm |
CentOS | 4 | ia64 | xorg-x11-doc | < 6.8.2-1.EL.33.0.4 | xorg-x11-doc-6.8.2-1.EL.33.0.4.ia64.rpm |