Important: Red Hat Security Advisory: tigervnc and xorg-x11-server security update

An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

[SECURITY] Fedora 38 Update: ImageMagick-7.1.1.4-2.fc38

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

tigervnc, xorg security update

CentOS Errata and Security Advisory CESA-2023:0675 An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which give...

SUSE CVE-2006-3739

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics AFM files with a modified number of character metrics StartCharMetrics, which leads to a heap-based buffer overflow...

SUSE CVE-2007-3851

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager DRM to write to arbitrary memory locations and gain privileges via a crafted batchbuffer...

SUSE CVE-2008-2362

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a 1 SProcRenderCreateLinearGradient, 2 SProcRenderCreateRadialGradient, or 3 SProcRenderCreateConicalGradient request with an invalid field...

SUSE CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDKWINDOWFOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an...

SUSE CVE-2012-0064

xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...

SUSE CVE-2012-2118

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name...

SUSE CVE-2013-1992

Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 DMXGetScreenAttributes, 2 DMXGetWindowAttributes, and 3 DMXGetInputAttributes functions...

SUSE CVE-2013-1996

X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function...

SUSE CVE-2013-2000

Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service crash and possibly execute arbitrary code via crafted length or index values to the 1 XDGAQueryModes and 2 XDGASetMode functions...

SUSE CVE-2013-2005

X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the 1 ReqCleanup, 2 HandleSelectionEvents, 3 ReqTimedOut, 4 HandleNormal, and 5...

SUSE CVE-2013-2062

Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XpGetAttributes, 2 XpGetOneAttribute, 3 XpGetPrinterList, and 4 XpQueryScreens functions...

SUSE CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service crash via a negative bottom value...

SUSE CVE-2013-7439

Multiple off-by-one errors in the 1 MakeBigReq and 2 SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow...

SUSE CVE-2014-8091

X.Org X Window System aka X11 and X X11R5 and X.Org Server aka xserver and xorg-server before 1.16.3, when using SUN-DES-1 Secure RPC authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service NULL pointer dereference a...

SUSE CVE-2014-8092

Multiple integer overflows in X.Org X Window System aka X11 or X X11R1 and X.Org Server aka xserver and xorg-server before 1.16.3 allow remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request to the 1 ProcPutImage, 2 GetHosts, 3...

SUSE CVE-2014-8097

The DBE extension in X.Org X Window System aka X11 or X X11R6.1 and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index value to the 1...

SUSE CVE-2014-8098

The GLX extension in XFree86 4.0, X.Org X Window System aka X11 or X X11R6.7, and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index valu...