Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2006-123-01
HistoryMay 03, 2006 - 3:58 p.m.

[slackware-security] xorg server overflow

2006-05-0315:58:40
Slackware Linux Project
www.slackware.com
15

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

New xorg and xorg-devel packages are available for Slackware 10.1, 10.2,
and -current to fix a security issue. A typo in the X render extension
in X.Org 6.8.0 or later allows an X client to crash the server and
possibly to execute arbitrary code as the X server user (typically this
is “root”.)

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2006-1526

The advisory from X.Org may be found here:

http://lists.freedesktop.org/archives/xorg/2006-May/015136.html

Here are the details from the Slackware 10.2 ChangeLog:

patches/packages/x11-6.8.2-i486-5.tgz:
Patched with x11r6.9.0-mitri.diff and recompiled.
A typo in the X render extension allows an X client to crash the server
and possibly to execute arbitrary code as the X server user (typically
this is “root”.)
The CVE entry for this issue may be found here:
https://vulners.com/cve/CVE-2006-1526
The advisory from X.Org may be found here:
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
(* Security fix )
patches/packages/x11-devel-6.8.2-i486-5.tgz:
Patched and recompiled libXrender.
( Security fix *)

Where to find the new packages:

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-6.8.1-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-devel-6.8.1-i486-5.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-5.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-6.9.0-i486-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-devel-6.9.0-i486-4.tgz

MD5 signatures:

Slackware 10.1 packages:
0adae00722f78242961ebdd8e874a97e x11-6.8.1-i486-5.tgz
7e1072009150f2d02bb958fdbf8920ed x11-devel-6.8.1-i486-5.tgz

Slackware 10.2 packages:
95a228488f09978c4a3468fb027a49c8 x11-6.8.2-i486-5.tgz
86f2fe06649b2d120f8f0fb1ad76f341 x11-devel-6.8.2-i486-5.tgz

Slackware -current packages:
2aa5db26d003137c01d2688e644d0b9d x11-6.9.0-i486-4.tgz
39b4feb60a97e79100962ebec50d9208 x11-devel-6.9.0-i486-4.tgz

Installation instructions:

Upgrade the packages as root:
> upgradepkg x11-6.8.2-i486-5.tgz x11-devel-6.8.2-i486-5.tgz

Related

suse 1
openvas 8
nessus 10
altlinux 1
fedora 2
ubuntucve 1
cve 1
securityvulns 1
cert 1
centos 1
redhat 1
ubuntu 1
gentoo 1
prion 1
debiancve 1
suse
suse
local privilege escalation in xorg-x11-server
2006-05-03 10:46:28
openvas
openvas
Slackware Advisory SSA:2006-123-01 xorg server overflow
2012-09-11 00:00:00
Fedora Update for xorg-x11-server FEDORA-2007-036
2009-02-27 00:00:00
Fedora Update for xorg-x11-server FEDORA-2007-424
2009-02-27 00:00:00
nessus
nessus
GLSA-200605-02 : X.Org: Buffer overflow in XRender extension
2006-05-03 00:00:00
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:081-1)
2006-05-13 00:00:00
Slackware 10.1 / 10.2 / current : xorg server overflow (SSA:2006-123-01)
2006-05-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 1:1.0.2-alt5
2006-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: xorg-x11-server-1.0.1-9.fc5.6
2007-01-10 04:40:15
[SECURITY] Fedora Core 5 Update: xorg-x11-server-1.0.1-9.fc5.7
2007-04-10 16:49:15
ubuntucve
ubuntucve
CVE-2006-1526
2006-05-02 00:00:00
cve
cve
CVE-2006-1526
2006-05-02 21:06:00
securityvulns
securityvulns
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension
2006-05-03 00:00:00
cert
cert
X.Org server buffer overflow in Xrender extension
2006-06-16 00:00:00
centos
centos
xorg security update
2006-05-04 16:07:11
redhat
redhat
(RHSA-2006:0451) xorg-x11 security update
2006-05-04 00:00:00
ubuntu
ubuntu
X.org server vulnerability
2006-05-04 00:00:00
gentoo
gentoo
X.Org: Buffer overflow in XRender extension
2006-05-02 00:00:00
prion
prion
Buffer overflow
2006-05-02 21:06:00
debiancve
debiancve
CVE-2006-1526
2006-05-02 21:06:00

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON
Related for SSA-2006-123-01
suse1openvas8nessus10altlinux1fedora2ubuntucve1cve1securityvulns1cert1centos1redhat1ubuntu1gentoo1prion1debiancve1