(RHSA-2008:0503) Important: xorg-x11 security update

2008-06-1100:00:00

access.redhat.com

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

74.0%

JSON

The xorg-x11 packages contain X.Org, an open source implementation of the X
Window System. It provides the basic low-level functionality that
full-fledged graphical user interfaces are designed upon.

An input validation flaw was discovered in X.org’s Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org’s Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org’s MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)

Users of xorg-x11 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xorg-x11-deprecated-libs-devel< 6.8.2-1.EL.33.0.4xorg-x11-deprecated-libs-devel-6.8.2-1.EL.33.0.4.s390.rpm
RedHatanyppcxorg-x11-mesa-libgl< 6.8.2-1.EL.33.0.4xorg-x11-Mesa-libGL-6.8.2-1.EL.33.0.4.ppc.rpm
RedHatanyppcxorg-x11-xdm< 6.8.2-1.EL.33.0.4xorg-x11-xdm-6.8.2-1.EL.33.0.4.ppc.rpm
RedHatanyppcxorg-x11-sdk< 6.8.2-1.EL.33.0.4xorg-x11-sdk-6.8.2-1.EL.33.0.4.ppc.rpm
RedHatanys390xorg-x11-xfs< 6.8.2-1.EL.33.0.4xorg-x11-xfs-6.8.2-1.EL.33.0.4.s390.rpm
RedHatanysrcxorg-x11< 6.8.2-1.EL.33.0.4xorg-x11-6.8.2-1.EL.33.0.4.src.rpm
RedHatanyi386xorg-x11-xnest< 6.8.2-1.EL.33.0.4xorg-x11-Xnest-6.8.2-1.EL.33.0.4.i386.rpm
RedHatanyx86_64xorg-x11-xnest< 6.8.2-1.EL.33.0.4xorg-x11-Xnest-6.8.2-1.EL.33.0.4.x86_64.rpm
RedHatanyia64xorg-x11-xfs< 6.8.2-1.EL.33.0.4xorg-x11-xfs-6.8.2-1.EL.33.0.4.ia64.rpm
RedHatanyia64xorg-x11-sdk< 6.8.2-1.EL.33.0.4xorg-x11-sdk-6.8.2-1.EL.33.0.4.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390	xorg-x11-deprecated-libs-devel	< 6.8.2-1.EL.33.0.4	xorg-x11-deprecated-libs-devel-6.8.2-1.EL.33.0.4.s390.rpm
RedHat	any	ppc	xorg-x11-mesa-libgl	< 6.8.2-1.EL.33.0.4	xorg-x11-Mesa-libGL-6.8.2-1.EL.33.0.4.ppc.rpm
RedHat	any	ppc	xorg-x11-xdm	< 6.8.2-1.EL.33.0.4	xorg-x11-xdm-6.8.2-1.EL.33.0.4.ppc.rpm
RedHat	any	ppc	xorg-x11-sdk	< 6.8.2-1.EL.33.0.4	xorg-x11-sdk-6.8.2-1.EL.33.0.4.ppc.rpm
RedHat	any	s390	xorg-x11-xfs	< 6.8.2-1.EL.33.0.4	xorg-x11-xfs-6.8.2-1.EL.33.0.4.s390.rpm
RedHat	any	src	xorg-x11	< 6.8.2-1.EL.33.0.4	xorg-x11-6.8.2-1.EL.33.0.4.src.rpm
RedHat	any	i386	xorg-x11-xnest	< 6.8.2-1.EL.33.0.4	xorg-x11-Xnest-6.8.2-1.EL.33.0.4.i386.rpm
RedHat	any	x86_64	xorg-x11-xnest	< 6.8.2-1.EL.33.0.4	xorg-x11-Xnest-6.8.2-1.EL.33.0.4.x86_64.rpm
RedHat	any	ia64	xorg-x11-xfs	< 6.8.2-1.EL.33.0.4	xorg-x11-xfs-6.8.2-1.EL.33.0.4.ia64.rpm
RedHat	any	ia64	xorg-x11-sdk	< 6.8.2-1.EL.33.0.4	xorg-x11-sdk-6.8.2-1.EL.33.0.4.ia64.rpm