CentOS Local Security Checks : CentOS: Security Advisory for xorg-x11-server-common (CESA-2020:4953)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883288

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for xorg-x11-server-common (CESA-2020:4953)

Resumen: The remote host is missing an update for the 'xorg-x11-server-common'; package(s) announced via the CESA-2020:4953 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xorg-x11-server-common'
package(s) announced via the CESA-2020:4953 advisory.

Vulnerability Insight:
X.Org is an open-source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function
(CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol
(CVE-2020-14346)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation
vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege
escalation vulnerability (CVE-2020-14362)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'xorg-x11-server-common' package(s) on CentOS 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-14345
https://security.gentoo.org/glsa/202012-01
https://www.zerodayinitiative.com/advisories/ZDI-20-1416/
https://bugzilla.redhat.com/show_bug.cgi?id=1862241
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
http://www.openwall.com/lists/oss-security/2021/01/15/1
https://usn.ubuntu.com/4488-2/
https://usn.ubuntu.com/4490-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-14346
https://bugzilla.redhat.com/show_bug.cgi?id=1862246
https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
Common Vulnerability Exposure (CVE) ID: CVE-2020-14361
https://bugzilla.redhat.com/show_bug.cgi?id=1869142
https://www.zerodayinitiative.com/advisories/ZDI-20-1418/
Common Vulnerability Exposure (CVE) ID: CVE-2020-14362
https://bugzilla.redhat.com/show_bug.cgi?id=1869144
https://www.zerodayinitiative.com/advisories/ZDI-20-1419/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883288
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for xorg-x11-server-common (CESA-2020:4953)
Resumen:	The remote host is missing an update for the 'xorg-x11-server-common'; package(s) announced via the CESA-2020:4953 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xorg-x11-server-common' package(s) announced via the CESA-2020:4953 advisory. Vulnerability Insight: X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) * xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) * xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361) * xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'xorg-x11-server-common' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14345 https://security.gentoo.org/glsa/202012-01 https://www.zerodayinitiative.com/advisories/ZDI-20-1416/ https://bugzilla.redhat.com/show_bug.cgi?id=1862241 https://lists.x.org/archives/xorg-announce/2020-August/003058.html http://www.openwall.com/lists/oss-security/2021/01/15/1 https://usn.ubuntu.com/4488-2/ https://usn.ubuntu.com/4490-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14346 https://bugzilla.redhat.com/show_bug.cgi?id=1862246 https://www.zerodayinitiative.com/advisories/ZDI-20-1417/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14361 https://bugzilla.redhat.com/show_bug.cgi?id=1869142 https://www.zerodayinitiative.com/advisories/ZDI-20-1418/ Common Vulnerability Exposure (CVE) ID: CVE-2020-14362 https://bugzilla.redhat.com/show_bug.cgi?id=1869144 https://www.zerodayinitiative.com/advisories/ZDI-20-1419/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH