Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2011-13)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120319

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2011-13)

Resumen: The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2011-13 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2011-13 advisory.

Vulnerability Insight:
Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-4818)

An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. (CVE-2010-4819)

Affected Software/OS:
'xorg-x11-server' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4818
RHSA-2011:1359
http://rhn.redhat.com/errata/RHSA-2011-1359.html
RHSA-2011:1360
http://rhn.redhat.com/errata/RHSA-2011-1360.html
[oss-security] 20110922 CVE Request: Missing input sanitation in various X GLX calls
http://www.openwall.com/lists/oss-security/2011/09/22/7
[oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls
http://www.openwall.com/lists/oss-security/2011/09/23/4
http://www.openwall.com/lists/oss-security/2011/09/23/6
http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
https://bugs.freedesktop.org/show_bug.cgi?id=28823
https://bugzilla.redhat.com/show_bug.cgi?id=740954
Common Vulnerability Exposure (CVE) ID: CVE-2010-4819
1026149
http://securitytracker.com/id?1026149
[oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue
http://www.openwall.com/lists/oss-security/2011/09/22/8
[oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue
http://www.openwall.com/lists/oss-security/2011/09/23/5
http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc
http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718
https://bugs.freedesktop.org/show_bug.cgi?id=28801

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120319
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2011-13)
Resumen:	The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2011-13 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2011-13 advisory. Vulnerability Insight: Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-4818) An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. (CVE-2010-4819) Affected Software/OS: 'xorg-x11-server' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4818 RHSA-2011:1359 http://rhn.redhat.com/errata/RHSA-2011-1359.html RHSA-2011:1360 http://rhn.redhat.com/errata/RHSA-2011-1360.html [oss-security] 20110922 CVE Request: Missing input sanitation in various X GLX calls http://www.openwall.com/lists/oss-security/2011/09/22/7 [oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls http://www.openwall.com/lists/oss-security/2011/09/23/4 http://www.openwall.com/lists/oss-security/2011/09/23/6 http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543 http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4 https://bugs.freedesktop.org/show_bug.cgi?id=28823 https://bugzilla.redhat.com/show_bug.cgi?id=740954 Common Vulnerability Exposure (CVE) ID: CVE-2010-4819 1026149 http://securitytracker.com/id?1026149 [oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue http://www.openwall.com/lists/oss-security/2011/09/22/8 [oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue http://www.openwall.com/lists/oss-security/2011/09/23/5 http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718 https://bugs.freedesktop.org/show_bug.cgi?id=28801
Copyright	Copyright (C) 2015 Greenbone AG