7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.8%
CentOS Errata and Security Advisory CESA-2010:0382
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
An incorrect calculation flaw was discovered in the X.Org Render extension.
A malicious, authorized client could exploit this issue to crash the X.Org
server or, potentially, execute arbitrary code with root privileges.
(CVE-2010-1166)
Users of xorg-x11-server should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running X.Org server
instances must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-May/078811.html
https://lists.centos.org/pipermail/centos-announce/2010-May/078813.html
Affected packages:
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-Xvnc-source
xorg-x11-server-sdk
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0382