Slackware Linux ProjectSSA-2008-183-01[slackware-security] xorg-server
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.0%
New xorg-server packages are available for Slackware 12.1 and -current to
fix security issues in xorg-server 1.4 prior to version 1.4.2.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
https://vulners.com/cve/CVE-2008-1377
https://vulners.com/cve/CVE-2008-1379
https://vulners.com/cve/CVE-2008-2360
https://vulners.com/cve/CVE-2008-2361
https://vulners.com/cve/CVE-2008-2362
Here are the details from the Slackware 12.1 ChangeLog:
patches/packages/xorg-server-1.4.2-i486-1_slack12.1.tgz:
Upgraded xorg-server to address denial of service and possible arbitrary
code execution flaws reported in xorg-server 1.4 prior to 1.4.2.
For more information about the issues patched, please refer to:
https://vulners.com/cve/CVE-2008-1377
https://vulners.com/cve/CVE-2008-1379
https://vulners.com/cve/CVE-2008-2360
https://vulners.com/cve/CVE-2008-2361
https://vulners.com/cve/CVE-2008-2362
(* Security fix )
patches/packages/xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz:
Security fixes (see CVE entries above).
( Security fix )
patches/packages/xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz:
Security fixes (see CVE entries above).
( Security fix *)
Where to find the new packages:
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-1.4.2-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.4.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.4.2-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.4.2-i486-1.tgz
MD5 signatures:
Slackware 12.1 packages:
4f53f4f232f614f43ff8455602bb3391 xorg-server-1.4.2-i486-1_slack12.1.tgz
7a9b6e3801c08d6d1839b68dd9715e9e xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz
1a1b00c1867d81369d167933229e9284 xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz
Slackware -current packages:
a8e1298855bbf08217343a7aa8776b0f xorg-server-1.4.2-i486-1.tgz
64491ebde2bf1f15240c36921aa965ba xorg-server-xnest-1.4.2-i486-1.tgz
e2eec7d598adee8e2bf4359868b2670f xorg-server-xvfb-1.4.2-i486-1.tgz
Installation instructions:
Upgrade the packages as root:
> upgradepkg xorg-server-1.4.2-i486-1_slack12.1.tgz xorg-server-xnest-1.4.2-i486-1_slack12.1.tgz xorg-server-xvfb-1.4.2-i486-1_slack12.1.tgz
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.0%