English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61155
Category:Fedora Local Security Checks
Title:Fedora Core 9 FEDORA-2008-5254 (xorg-x11-server)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to xorg-x11-server
announced via advisory FEDORA-2008-5254.

X.Org X11 X server

Update Information:

For further details, see X.org security advisory:
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ChangeLog:

* Thu Jun 12 2008 Dave Airlie 1.4.99.902-3.20080612
- xserver-1.5.0-fix-single-aspect.patch - fix 2560x1600 on my monitor.
* Thu Jun 12 2008 Dave Airlie 1.4.99.902-2.20080612
- cve-2008-1377: Record and Security Extension Input validation
- cve-2008-1379: MIT-SHM extension Input Validation flaw
- cve-2008-2360: Render AllocateGlyph extension Integer overflows
- cve-2008-2361: Render CreateCursor extension Integer overflows
- cve-2008-2362: Render Gradient extension Integer overflows
- Rebase to 1.5 head for security patches for above
* Mon Jun 9 2008 Adam Jackson 1.4.99.902-1.20080609
- Today's git snapshot.

References:

[ 1 ] Bug #448783 - CVE-2008-2360 X.org Render extension AllocateGlyph() heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=448783
[ 2 ] Bug #448784 - CVE-2008-2361 X.org Render extension ProcRenderCreateCursor() crash
https://bugzilla.redhat.com/show_bug.cgi?id=448784
[ 3 ] Bug #448785 - CVE-2008-2362 X.org Render extension input validation flaw causing memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=448785
[ 4 ] Bug #445414 - CVE-2008-1379 X.org MIT-SHM extension arbitrary memory read
https://bugzilla.redhat.com/show_bug.cgi?id=445414
[ 5 ] Bug #445403 - CVE-2008-1377 X.org Record and Security extensions memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=445403

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update xorg-x11-server' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-5254

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2360
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Bugtraq: 20080620 rPSA-2008-0200-1 xorg-server (Google Search)
http://www.securityfocus.com/archive/1/493548/100/0/threaded
Bugtraq: 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/493550/100/0/threaded
Debian Security Information: DSA-1595 (Google Search)
http://www.debian.org/security/2008/dsa-1595
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329
RedHat Security Advisories: RHSA-2008:0502
http://rhn.redhat.com/errata/RHSA-2008-0502.html
http://www.redhat.com/support/errata/RHSA-2008-0503.html
RedHat Security Advisories: RHSA-2008:0504
http://rhn.redhat.com/errata/RHSA-2008-0504.html
RedHat Security Advisories: RHSA-2008:0512
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://securitytracker.com/id?1020243
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
http://secunia.com/advisories/30671
http://secunia.com/advisories/30715
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31025
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://secunia.com/advisories/33937
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
SuSE Security Announcement: SUSE-SA:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://www.ubuntu.com/usn/usn-616-1
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-2361
BugTraq ID: 29665
http://www.securityfocus.com/bid/29665
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978
http://securitytracker.com/id?1020244
Common Vulnerability Exposure (CVE) ID: CVE-2008-2362
BugTraq ID: 29670
http://www.securityfocus.com/bid/29670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246
http://securitytracker.com/id?1020245
Common Vulnerability Exposure (CVE) ID: CVE-2008-1379
BugTraq ID: 29669
http://www.securityfocus.com/bid/29669
HPdes Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HPdes Security Advisory: SSRT080083
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966
http://securitytracker.com/id?1020246
http://secunia.com/advisories/32545
http://www.vupen.com/english/advisories/2008/3000
XForce ISS Database: xorg-fbshmputimage-information-disclosure(43016)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43016
Common Vulnerability Exposure (CVE) ID: CVE-2008-1377
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
http://securitytracker.com/id?1020247
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.