xorg security update

2008-06-14T14:10:49
ID CESA-2008:0503
Type centos
Reporter CentOS Project
Modified 2008-06-27T10:10:29

Description

CentOS Errata and Security Advisory CESA-2008:0503

The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory. This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379)

Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-June/014985.html http://lists.centos.org/pipermail/centos-announce/2008-June/014987.html http://lists.centos.org/pipermail/centos-announce/2008-June/015044.html http://lists.centos.org/pipermail/centos-announce/2008-June/015045.html

Affected packages: xorg-x11 xorg-x11-Mesa-libGL xorg-x11-Mesa-libGLU xorg-x11-Xdmx xorg-x11-Xnest xorg-x11-Xvfb xorg-x11-deprecated-libs xorg-x11-deprecated-libs-devel xorg-x11-devel xorg-x11-doc xorg-x11-font-utils xorg-x11-libs xorg-x11-sdk xorg-x11-tools xorg-x11-twm xorg-x11-xauth xorg-x11-xdm xorg-x11-xfs

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0503.html