Test ID:	1.3.6.1.4.1.25623.1.0.61494
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-616-1 (xorg-server)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xorg-server announced via advisory USN-616-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: xserver-xorg-core 1:1.0.2-0ubuntu10.13 Ubuntu 7.04: xserver-xorg-core 2:1.2.0-3ubuntu8.4 Ubuntu 7.10: xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.4 Ubuntu 8.04 LTS: xserver-xorg-core 2:1.4.1~ git20080131-1ubuntu9.2 After a standard system upgrade you need to restart your session to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-616-1 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1377 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Bugtraq: 20080620 rPSA-2008-0200-1 xorg-server (Google Search) http://www.securityfocus.com/archive/1/493548/100/0/threaded Bugtraq: 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search) http://www.securityfocus.com/archive/1/493550/100/0/threaded Debian Security Information: DSA-1595 (Google Search) http://www.debian.org/security/2008/dsa-1595 http://security.gentoo.org/glsa/glsa-200806-07.xml http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml HPdes Security Advisory: HPSBUX02381 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HPdes Security Advisory: SSRT080083 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 http://www.mandriva.com/security/advisories?name=MDVSA-2008:115 http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 http://lists.freedesktop.org/archives/xorg/2008-June/036026.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 RedHat Security Advisories: RHSA-2008:0502 http://rhn.redhat.com/errata/RHSA-2008-0502.html http://www.redhat.com/support/errata/RHSA-2008-0503.html RedHat Security Advisories: RHSA-2008:0504 http://rhn.redhat.com/errata/RHSA-2008-0504.html RedHat Security Advisories: RHSA-2008:0512 http://rhn.redhat.com/errata/RHSA-2008-0512.html http://securitytracker.com/id?1020247 http://secunia.com/advisories/30627 http://secunia.com/advisories/30628 http://secunia.com/advisories/30629 http://secunia.com/advisories/30630 http://secunia.com/advisories/30637 http://secunia.com/advisories/30659 http://secunia.com/advisories/30664 http://secunia.com/advisories/30666 http://secunia.com/advisories/30671 http://secunia.com/advisories/30715 http://secunia.com/advisories/30772 http://secunia.com/advisories/30809 http://secunia.com/advisories/30843 http://secunia.com/advisories/31025 http://secunia.com/advisories/31109 http://secunia.com/advisories/32099 http://secunia.com/advisories/32545 http://secunia.com/advisories/33937 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 SuSE Security Announcement: SUSE-SA:2008:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html SuSE Security Announcement: SUSE-SR:2008:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://www.ubuntu.com/usn/usn-616-1 http://www.vupen.com/english/advisories/2008/1803 http://www.vupen.com/english/advisories/2008/1833 http://www.vupen.com/english/advisories/2008/1983/references http://www.vupen.com/english/advisories/2008/3000 Common Vulnerability Exposure (CVE) ID: CVE-2008-1379 BugTraq ID: 29669 http://www.securityfocus.com/bid/29669 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722 http://www.mandriva.com/security/advisories?name=MDVSA-2008:179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966 http://securitytracker.com/id?1020246 XForce ISS Database: xorg-fbshmputimage-information-disclosure(43016) https://exchange.xforce.ibmcloud.com/vulnerabilities/43016 Common Vulnerability Exposure (CVE) ID: CVE-2008-2360 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329 http://securitytracker.com/id?1020243 Common Vulnerability Exposure (CVE) ID: CVE-2008-2361 BugTraq ID: 29665 http://www.securityfocus.com/bid/29665 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978 http://securitytracker.com/id?1020244 Common Vulnerability Exposure (CVE) ID: CVE-2008-2362 BugTraq ID: 29670 http://www.securityfocus.com/bid/29670 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246 http://securitytracker.com/id?1020245
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.