 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.881361 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for xorg-x11-server-sdk CESA-2011:1359 centos5 x86_64 |
| Summary: | The remote host is missing an update for the 'xorg-x11-server-sdk'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'xorg-x11-server-sdk' package(s) announced via the referenced advisory. Vulnerability Insight: X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX (OpenGL extension to the X Window System) extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-4818) An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server. (CVE-2010-4819) Users of xorg-x11-server should upgrade to these updated packages, which contain backported patches to resolve these issues. All running X.Org server instances must be restarted for this update to take effect. Affected Software/OS: xorg-x11-server-sdk on CentOS 5 Solution: Please install the updated packages. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4818 RHSA-2011:1359 http://rhn.redhat.com/errata/RHSA-2011-1359.html RHSA-2011:1360 http://rhn.redhat.com/errata/RHSA-2011-1360.html [oss-security] 20110922 CVE Request: Missing input sanitation in various X GLX calls http://www.openwall.com/lists/oss-security/2011/09/22/7 [oss-security] 20110923 Re: CVE Request: Missing input sanitation in various X GLX calls http://www.openwall.com/lists/oss-security/2011/09/23/4 http://www.openwall.com/lists/oss-security/2011/09/23/6 http://cgit.freedesktop.org/xorg/xserver/commit?id=3f0d3f4d97bce75c1828635c322b6560a45a037f http://cgit.freedesktop.org/xorg/xserver/commit?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543 http://cgit.freedesktop.org/xorg/xserver/commit?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4 https://bugs.freedesktop.org/show_bug.cgi?id=28823 https://bugzilla.redhat.com/show_bug.cgi?id=740954 Common Vulnerability Exposure (CVE) ID: CVE-2010-4819 1026149 http://securitytracker.com/id?1026149 [oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue http://www.openwall.com/lists/oss-security/2011/09/22/8 [oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue http://www.openwall.com/lists/oss-security/2011/09/23/5 http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718 https://bugs.freedesktop.org/show_bug.cgi?id=28801 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |