Gentoo Security Advisory GLSA 200701-25 (X.Org)

The remote host is missing updates announced in advisory GLSA 200701-25. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Integer overflow

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow...

DEBIAN-CVE-2008-2361

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service daemon crash via unspecified request fields that are used to calculate a glyph buffer size, which triggers a...

CVE-2008-2362

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a 1 SProcRenderCreateLinearGradient, 2 SProcRenderCreateRadialGradient, or 3 SProcRenderCreateConicalGradient request with an invalid field...

Integer overflow

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a 1 SProcRenderCreateLinearGradient, 2 SProcRenderCreateRadialGradient, or 3 SProcRenderCreateConicalGradient request with an invalid field...

DEBIAN-CVE-2008-2362

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a 1 SProcRenderCreateLinearGradient, 2 SProcRenderCreateRadialGradient, or 3 SProcRenderCreateConicalGradient request with an invalid field...

DEBIAN-CVE-2008-2360

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow...

CVE-2008-2361

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service daemon crash via unspecified request fields that are used to calculate a glyph buffer size, which triggers a...

CVE-2008-2360

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow...

CVE-2008-2362

CVE-2008-2362 describes multiple integer overflows in the X.Org X server Render extension (X.Org X11R7.3) that can enable heap memory corruption via invalid fields in SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient, or SProcRenderCreateConicalGradient requests. The vulnerability ...

CVE-2008-2361

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service daemon crash via unspecified request fields that are used to calculate a glyph buffer size, which triggers a...

CVE-2008-2361

CVE-2008-2361 describes an integer overflow in ProcRenderCreateCursor in the X.Org X server’s Render extension (X11R7.3). A context-dependent attacker could trigger a heap-related dereference via crafted request fields that influence the glyph buffer size, leading to a denial of service (daemon c...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)

Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362 It...

X.Org X server RENDER扩展ProcRenderCreateCursor()拒绝服务漏洞

BUGTRAQ ID: 29665 CVECAN ID: CVE-2008-2361 Xorg X Server是多个厂商操作系统中所捆绑的X窗口系统显示服务器。 X.Org X Server的RENDER扩展中的ProcRenderCreateCursor函数在解析客户端请求时直接将请求中的值用于计算动态缓冲区的大小。这个计算中可能出现整数溢出，导致分配不充分的缓冲区和访问无效内存，X Server可能会崩溃。...

USN-616-1: X.org vulnerabilities

Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362 It...

iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability

iDefense Security Advisory 06.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 11, 2008 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. The Render extension is used to provide Porter-Duff image compositing for the X server. It is...

iDefense Security Advisory 06.11.08: Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability

iDefense Security Advisory 06.11.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 11, 2008 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. The Render extension is used to provide Porter-Duff image compositing for the X server. It is...

openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)

This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and...

RHEL 4 : xorg-x11 (RHSA-2008:0503)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0503 advisory. - X.org Record and Security extensions memory corruption CVE-2008-1377 - X.org MIT-SHM extension arbitrary memory read CVE-2008-1379 - X.org...

SuSE 10 Security Update : X.org (ZYPP Patch Number 5321)

This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. CVE-2008-2360 - RENDER Extension crash. CVE-2008-2361 - RENDER Extension memory corruption. CVE-2008-2362 - MIT-SHM arbitrary memory read. CVE-2008-1379 - RECORD and Security extensions memo...