Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: X11 client libraries security, bug fix, and enhancement update
Information
Name: RHSA-2014:1436
First vendor publication: 2014-10-14
Vendor: Red Hat
Last vendor modification: 2014-10-14
Severity (Vendor): Moderate
Revision: 02

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
Attack range: Network
CVSS impact score: 6.4
Attack complexity: Medium
CVSS exploit score: 8.6
Authentication: None Required

Detail

Problem Description:

Updated X11 client libraries packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The X11 (Xorg) libraries provide library routines that are used within all X Window applications.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use any of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version. (BZ#1077471)

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected. (BZ#1054614)

* Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application. (BZ#971626)

All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

959040 - CVE-2013-1981 libX11: Multiple integer overflows leading to heap-based buffer-overflows
959046 - CVE-2013-1982 libXext: Multiple integer overflows leading to heap-based buffer-overflows
959048 - CVE-2013-1983 libXfixes: Integer overflow leading to heap-based buffer overflow
959049 - CVE-2013-1984 libXi: Multiple integer overflows leading to heap-based buffer-overflows
959056 - CVE-2013-1985 libXinerama: Integer overflow leading to heap-based buffer overflow
959059 - CVE-2013-1986 libXrandr: Multiple integer overflows leading to heap-based buffer overflows
959061 - CVE-2013-1987 libXrender: Multiple integer overflows leading to heap-based buffer overflows
959066 - CVE-2013-1988 libXRes: Multiple integer overflows leading to heap-based buffer overflows
959068 - CVE-2013-1989 libXv: Multiple integer overflows leading to heap-based buffer overflows
959070 - CVE-2013-1990 libXvMC: Multiple integer overflows leading to heap-based buffer overflows
959072 - CVE-2013-1991 libXxf86dga: Multiple integer overflows leading to heap-based buffer overflows
959077 - CVE-2013-2003 libXcursor: Integer overflow leading to heap-based buffer overflow
959108 - CVE-2013-2005 libXt: Memory corruption due to unchecked use of unchecked function pointers
959112 - CVE-2013-2004 libX11: unbounded recursion leading to stack-overflow
960345 - CVE-2013-1997 libX11: Multiple Array Index error leading to heap-based OOB write
960346 - CVE-2013-1998 libXi: Multiple Array Index error leading to heap-based OOB write
960347 - CVE-2013-1999 libXvMC: Array Index error leading to heap-based OOB write
960349 - CVE-2013-2000 libXxf86dga: Array Index error leading to heap-based OOB write
960350 - CVE-2013-2001 libXxf86vm: Multiple Array Index error leading to heap-based OOB write
960352 - CVE-2013-2002 libXt: Array Index error leading to heap-based OOB write
960357 - CVE-2013-1995 libXi: Sign extension issues resulting in heap-based buffer overflow
960362 - CVE-2013-2062 libXp: Integer overflow leading to heap-based buffer overflow
960367 - CVE-2013-2064 libxcb: Integer overflow leading to heap-based buffer overflow
960369 - CVE-2013-2066 libXv: Array Index error leading to heap-based OOB write
971626 - Closing an in-house app can occasionally hang the X server
1119322 - %{dist} found instead of %{?dist} in: libXi-1.7.2-2.1.el6.src.rpm.spec

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-1436.html

CWE : Common Weakness Enumeration

% Id Name
58 % CWE-189 Numeric Errors (CWE/SANS Top 25)
38 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4 % CWE-20 Improper Input Validation

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:16397
Title: USN-1867-1 -- libxv vulnerabilities
Description: Several security issues were fixed in libxv.
Family: unix Class: patch
Reference(s): usn-1867-1
CVE-2013-1989
CVE-2013-2066
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxv
 
Oval ID: oval:org.mitre.oval:def:16421
Title: USN-1869-1 -- libxxf86dga vulnerabilities
Description: Several security issues were fixed in libxxf86dga.
Family: unix Class: patch
Reference(s): usn-1869-1
CVE-2013-1991
CVE-2013-2000
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxxf86dga
 
Oval ID: oval:org.mitre.oval:def:16607
Title: USN-1863-1 -- libxrender vulnerability
Description: Several security issues were fixed in libxrender.
Family: unix Class: patch
Reference(s): usn-1863-1
CVE-2013-1987
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxrender
 
Oval ID: oval:org.mitre.oval:def:16773
Title: USN-1858-1 -- libxfixes vulnerability
Description: Several security issues were fixed in libxfixes.
Family: unix Class: patch
Reference(s): usn-1858-1
CVE-2013-1983
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxfixes
 
Oval ID: oval:org.mitre.oval:def:16785
Title: USN-1862-1 -- libxrandr vulnerability
Description: Several security issues were fixed in libxrandr.
Family: unix Class: patch
Reference(s): usn-1862-1
CVE-2013-1986
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxrandr
libxrandr-lts-quantal
 
Oval ID: oval:org.mitre.oval:def:16944
Title: USN-1864-1 -- libxres vulnerabilities
Description: Several security issues were fixed in libxres.
Family: unix Class: patch
Reference(s): usn-1864-1
CVE-2013-1988
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxres
 
Oval ID: oval:org.mitre.oval:def:17140
Title: USN-1870-1 -- libxxf86vm vulnerability
Description: Several security issues were fixed in libxxf86vm.
Family: unix Class: patch
Reference(s): usn-1870-1
CVE-2013-2001
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxxf86vm
 
Oval ID: oval:org.mitre.oval:def:17160
Title: USN-1861-1 -- libxp vulnerability
Description: Several security issues were fixed in libxp.
Family: unix Class: patch
Reference(s): usn-1861-1
CVE-2013-2062
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxp
 
Oval ID: oval:org.mitre.oval:def:17209
Title: USN-1868-1 -- libxvmc vulnerabilities
Description: Several security issues were fixed in libxvmc.
Family: unix Class: patch
Reference(s): usn-1868-1
CVE-2013-1990
CVE-2013-1999
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxvmc
 
Oval ID: oval:org.mitre.oval:def:17213
Title: USN-1859-1 -- libxi vulnerabilities
Description: Several security issues were fixed in libxi.
Family: unix Class: patch
Reference(s): usn-1859-1
CVE-2013-1984
CVE-2013-1995
CVE-2013-1998
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxi
 
Oval ID: oval:org.mitre.oval:def:17274
Title: USN-1855-1 -- libxcb vulnerability
Description: Several security issues were fixed in libxcb.
Family: unix Class: patch
Reference(s): usn-1855-1
CVE-2013-2064
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxcb
 
Oval ID: oval:org.mitre.oval:def:17279
Title: USN-1856-1 -- libxext vulnerability
Description: Several security issues were fixed in libxext.
Family: unix Class: patch
Reference(s): usn-1856-1
CVE-2013-2003
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxcursor
 
Oval ID: oval:org.mitre.oval:def:17286
Title: USN-1854-1 -- libx11 vulnerability
Description: Several security issues were fixed in libx11.
Family: unix Class: patch
Reference(s): usn-1854-1
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libx11
 
Oval ID: oval:org.mitre.oval:def:17349
Title: USN-1860-1 -- libxinerama vulnerability
Description: Several security issues were fixed in libxp.
Family: unix Class: patch
Reference(s): usn-1860-1
CVE-2013-1985
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): libxinerama
 
Oval ID: oval:org.mitre.oval:def:17398
Title: USN-1857-1 -- libxext vulnerability
Description: Several security issues were fixed in libxext.
Family: unix Class: patch
Reference(s): usn-1857-1
CVE-2013-1982
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxext
 
Oval ID: oval:org.mitre.oval:def:18077
Title: DSA-2691-1 libxinerama - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2691-1
CVE-2013-1985
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxinerama
 
Oval ID: oval:org.mitre.oval:def:18334
Title: DSA-2677-1 libxrender - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2677-1
CVE-2013-1987
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxrender
 
Oval ID: oval:org.mitre.oval:def:18344
Title: DSA-2681-1 libxcursor - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2681-1
CVE-2013-2003
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxcursor
 
Oval ID: oval:org.mitre.oval:def:18372
Title: DSA-2685-1 libxp - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2685-1
CVE-2013-2062
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxp
 
Oval ID: oval:org.mitre.oval:def:18377
Title: DSA-2693-1 libx11 - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2693-1
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libx11
 
Oval ID: oval:org.mitre.oval:def:18459
Title: DSA-2675-1 libxvmc - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2675-1
CVE-2013-1990
CVE-2013-1999
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxvmc
 
Oval ID: oval:org.mitre.oval:def:18523
Title: DSA-2683-1 libxi - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2683-1
CVE-2013-1984
CVE-2013-1995
CVE-2013-1998
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxi
 
Oval ID: oval:org.mitre.oval:def:19537
Title: DSA-2692-1 libxxf86vm - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2692-1
CVE-2013-2001
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 7
Debian GNU/kFreeBSD 6.0
Product(s): libxxf86vm
 
Oval ID: oval:org.mitre.oval:def:19734
Title: DSA-2686-1 libxcb - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2686-1
CVE-2013-2064
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxcb
 
Oval ID: oval:org.mitre.oval:def:19908
Title: DSA-2676-1 libxfixes - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2676-1
CVE-2013-1983
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxfixes
 
Oval ID: oval:org.mitre.oval:def:19924
Title: DSA-2690-1 libxxf86dga - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2690-1
CVE-2013-1991
CVE-2013-2000
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxxf86dga
 
Oval ID: oval:org.mitre.oval:def:19955
Title: DSA-2684-1 libxrandr - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2684-1
CVE-2013-1986
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxrandr
 
Oval ID: oval:org.mitre.oval:def:19959
Title: DSA-2680-1 libxt - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2680-1
CVE-2013-2002
CVE-2013-2005
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxt
 
Oval ID: oval:org.mitre.oval:def:20031
Title: DSA-2682-1 libxext - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2682-1
CVE-2013-1982
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxext
 
Oval ID: oval:org.mitre.oval:def:20047
Title: DSA-2674-1 libxv - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2674-1
CVE-2013-1989
CVE-2013-2066
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxv
 
Oval ID: oval:org.mitre.oval:def:20087
Title: DSA-2688-1 libxres - several
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2688-1
CVE-2013-1988
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): libxres
 
Oval ID: oval:org.mitre.oval:def:21244
Title: USN-1865-1 -- libxt vulnerabilities
Description: Several security issues were fixed in libxt.
Family: unix Class: patch
Reference(s): USN-1865-1
CVE-2013-2002
CVE-2013-2005
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): libxt
 
Oval ID: oval:org.mitre.oval:def:25444
Title: SUSE-SU-2013:1099-2 -- Security update for xorg-x11-libXext
Description: This update of xorg-x11-libXext fixes several integer overflow issues. Bug 815451/821665 CVE-2013-1982 Security Issues: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1099-2
CVE-2013-1982
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXext
 
Oval ID: oval:org.mitre.oval:def:25568
Title: SUSE-SU-2013:1097-2 -- Security update for xorg-x11-libXfixes
Description: This update of xorg-x11-libXfixes fixed a integer overflow issue. Bug 815451/821667 CVE-2013-1983 Security Issues: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1097-2
CVE-2013-1983
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXfixes
 
Oval ID: oval:org.mitre.oval:def:25628
Title: SUSE-SU-2013:1095-1 -- Security update for xorg-x11-libXrender
Description: This update of xorg-x11-libXrender fixes several integer overflow issues (bnc#815451, bnc#821669, CVE-2013-1987). Security Issue reference: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1095-1
CVE-2013-1987
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXrender
 
Oval ID: oval:org.mitre.oval:def:25657
Title: SUSE-SU-2013:1100-2 -- Security update for xorg-x11-libX11
Description: This update of xorg-x11-libX11 fixes several security issues. Bug 815451/821664 CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 Security Issues: * CVE-2013-1981 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981 > * CVE-2013-1997 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997 > * CVE-2013-2004 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1100-2
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libX11
 
Oval ID: oval:org.mitre.oval:def:25667
Title: SUSE-SU-2013:1100-1 -- Security update for xorg-x11-libX11
Description: This update of xorg-x11-libX11 fixes several security issues (bnc#815451, bnc#821664).
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1100-1
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libX11
 
Oval ID: oval:org.mitre.oval:def:25682
Title: SUSE-SU-2013:1097-1 -- Security update for xorg-x11-libXfixes
Description: This update of xorg-x11-libXfixes fixes a integer overflow issue (bnc#815451, bnc#821667, CVE-2013-1983). Security Issue reference: * CVE-2013-1983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1097-1
CVE-2013-1983
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXfixes
 
Oval ID: oval:org.mitre.oval:def:25685
Title: SUSE-SU-2013:1102-2 -- Security update for xorg-x11-libXp
Description: This update of xorg-x11-libXp fixes several integer overflow issues. Bug 815451/821668 CVE-2013-2062 Security Issues: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1102-2
CVE-2013-2062
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXp
 
Oval ID: oval:org.mitre.oval:def:25707
Title: SUSE-SU-2013:1099-1 -- Security update for xorg-x11-libXext
Description: This update of xorg-x11-libXext fixes several integer overflow issues (bnc#815451, bnc#821665, CVE-2013-1982) Security Issue reference: * CVE-2013-1982 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1099-1
CVE-2013-1982
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXext
 
Oval ID: oval:org.mitre.oval:def:25730
Title: SUSE-SU-2014:0916-1 -- Security update for xorg-x11-libxcb
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libxcb which fixes a security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0916-1
CVE-2013-2064
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libxcb
 
Oval ID: oval:org.mitre.oval:def:25745
Title: SUSE-SU-2013:1101-1 -- Security update for xorg-x11-libXt
Description: This update of xorg-x11-libXt fixes several integer and buffer overflow issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005).
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1101-1
CVE-2013-2002
CVE-2013-2005
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXt
 
Oval ID: oval:org.mitre.oval:def:25764
Title: SUSE-SU-2013:1102-1 -- Security update for xorg-x11-libXp
Description: This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1102-1
CVE-2013-2062
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXp
 
Oval ID: oval:org.mitre.oval:def:25780
Title: SUSE-SU-2013:1095-2 -- Security update for xorg-x11-libXrender
Description: This update of xorg-x11-libXrender fixes several integer overflow issues. Bug 815451/821669 CVE-2013-1987 Security Issues: * CVE-2013-1987 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1095-2
CVE-2013-1987
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXrender
 
Oval ID: oval:org.mitre.oval:def:25786
Title: SUSE-SU-2013:1096-1 -- Security update for xorg-x11-libxcb
Description: This update for xorg-x11-libxcb addresses the following security issues: * Fix a deadlock with multi-threaded applications running on real time kernels. (bnc#818829) * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064) Security Issues: * CVE-2013-2064 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1096-1
CVE-2013-2064
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libxcb
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25813
 
Oval ID: oval:org.mitre.oval:def:25813
Title: SUSE-SU-2013:1101-2 -- Security update for xorg-x11-libXt
Description: This update of xorg-x11-libXt fixes several integer and buffer overflow issues. Bug 815451/821670 CVE-2013-2002/CVE-2013-2005
Security Issues:
* CVE-2013-2002 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002>
* CVE-2013-2005 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005>
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1101-2
CVE-2013-2002
CVE-2013-2005
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25861
 
Oval ID: oval:org.mitre.oval:def:25861
Title: SUSE-SU-2013:1104-2 -- Security update for xorg-x11-libXv
Description: This update of xorg-x11-libXv fixes several integer and buffer overflow issues. Bug 815451/821671 CVE-2013-1989/CVE-2013-2066
Security Issues:
* CVE-2013-1989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989>
* CVE-2013-2066 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066>
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1104-2
CVE-2013-1989
CVE-2013-2066
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXv
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25897
 
Oval ID: oval:org.mitre.oval:def:25897
Title: SUSE-SU-2013:1104-1 -- Security update for xorg-x11-libXv
Description: This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066).
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1104-1
CVE-2013-1989
CVE-2013-2066
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): xorg-x11-libXv
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25916
 
Oval ID: oval:org.mitre.oval:def:25916
Title: SUSE-SU-2013:1183-1 -- Security update for xorg-x11
Description: This update of xorg-x11 fixes several security vulnerabilities.
* Bug 815451 - X.Org Security Advisory: May 23, 2013
* Bug 821664 - libX11
* Bug 821671 - libXv
* Bug 821670 - libXt
* Bug 821669 - libXrender
* Bug 821668 - libXp
* Bug 821667 - libXfixes
* Bug 821665 - libXext
* Bug 821663 - libFS, libXcursor, libXi, libXinerama, libXRes, libXtst, libXvMC, libXxf86dga, libXxf86vm, libdmx
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1183-1
CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
CVE-2013-1990
CVE-2013-1991
CVE-2013-1992
CVE-2013-1995
CVE-2013-1996
CVE-2013-1997
CVE-2013-1998
CVE-2013-1999
CVE-2013-2000
CVE-2013-2001
CVE-2013-2002
CVE-2013-2003
CVE-2013-2004
CVE-2013-2005
CVE-2013-2062
CVE-2013-2063
CVE-2013-2066
Version: 5
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): xorg-x11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26059
 
Oval ID: oval:org.mitre.oval:def:26059
Title: SUSE-SU-2014:0882-1 -- Security update for xorg-x11-libXv
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXv, fixing security issues and some bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0882-1
CVE-2013-1989
CVE-2013-2066
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXv
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26104
 
Oval ID: oval:org.mitre.oval:def:26104
Title: SUSE-SU-2014:0915-1 -- Security update for xorg-x11-libXp
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXp which fixes a security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0915-1
CVE-2013-2062
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26143
 
Oval ID: oval:org.mitre.oval:def:26143
Title: SUSE-SU-2014:0898-1 -- Security update for xorg-x11-libXt
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXt, fixing security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0898-1
CVE-2013-2002
CVE-2013-2005
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26144
 
Oval ID: oval:org.mitre.oval:def:26144
Title: SUSE-SU-2014:0893-1 -- Security update for xorg-x11-libX11
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libX11, fixing security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0893-1
CVE-2013-1981
CVE-2013-1997
CVE-2013-2004
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libX11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26146
 
Oval ID: oval:org.mitre.oval:def:26146
Title: SUSE-SU-2014:0900-1 -- Security update for xorg-x11-libXfixes
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXfixes, fixing a security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0900-1
CVE-2013-1983
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXfixes
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26151
 
Oval ID: oval:org.mitre.oval:def:26151
Title: SUSE-SU-2014:0883-1 -- Security update for xorg-x11-libXext
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXext, fixing a security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0883-1
CVE-2013-1982
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXext
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26243
 
Oval ID: oval:org.mitre.oval:def:26243
Title: SUSE-SU-2014:0919-1 -- Security update for xorg-x11-libXrender
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libXrender which fixes a security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0919-1
CVE-2013-1987
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): xorg-x11-libXrender
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26759
 
Oval ID: oval:org.mitre.oval:def:26759
Title: RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)
Description: The X11 (Xorg) libraries provide library routines that are used within all X Window applications.
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)
Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)
A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)
A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005)
Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (CVE-2013-2004)
The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version. (BZ#1077471)
This update also fixes the following bugs:
* Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected. (BZ#1054614)
* Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application. (BZ#971626)
All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Family: unix Class: patch
Reference(s): RHSA-2014:1436-01
CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1986
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
CVE-2013-1990
CVE-2013-1991
CVE-2013-1995
CVE-2013-1997
CVE-2013-1998
CVE-2013-1999
CVE-2013-2000
CVE-2013-2001
CVE-2013-2002
CVE-2013-2003
CVE-2013-2004
CVE-2013-2005
CVE-2013-2062
CVE-2013-2064
CVE-2013-2066
CESA-2014:1436-CentOS 6
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): libX11
libXcursor
libXext
libXfixes
libXi
libXinerama
libXp
libXrandr
libXrender
libXres
libXt
libXtst
libXv
libXvMC
libXxf86dga
libXxf86vm
libdmx
libxcb
xcb-proto
xkeyboard-config
xorg-x11-proto-devel
xorg-x11-xtrans-devel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29114
 
Oval ID: oval:org.mitre.oval:def:29114
Title: DSA-2675-2 -- libxvmc -- several vulnerabilities
Description: Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.
Family: unix Class: patch
Reference(s): DSA-2675-2
CVE-2013-1990
CVE-2013-1999
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): libxvmc
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 1
Application 12
Application 8
Application 8
Application 6
Application 5
Application 1
Application 8
Application 6
Application 5
Application 9
Application 5
Application 5
Application 7
Application 5
Application 8
Application 6
Os 6
Os 2
Os 1
Os 2

Nessus® Vulnerability Scanner

Date Description
2017-10-19 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-291-01.nasl - Type : ACT_GATHER_INFO
2017-05-02 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : oracle_secure_global_desktop_apr_2017_cpu.nasl - Type : ACT_GATHER_INFO
2017-03-10 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0644-1.nasl - Type : ACT_GATHER_INFO
2016-07-25 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : oracle_secure_global_desktop_jul_2016_cpu.nasl - Type : ACT_GATHER_INFO
2015-10-01 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_43690.nasl - Type : ACT_GATHER_INFO
2015-09-24 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_44149.nasl - Type : ACT_GATHER_INFO
2015-09-24 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_44188.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_xorg_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_xorg_20141107.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-452.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1436.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_X11_client_libraries_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1436.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-403.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-405.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-486.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-487.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-488.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-489.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-490.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-491.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-502.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-503.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-504.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-505.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-506.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-508.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-509.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-511.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-514.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-516.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-07.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-devel-130625.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXext-130612.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXfixes-130612.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXrender-130612.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXt-130612.nasl - Type : ACT_GATHER_INFO
2013-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXv-130612.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12593.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10063.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-11734.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12083.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9146.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9147.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9156.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9177.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9188.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-devel-130612.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libX11-130612.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXext-130531.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXfixes-130531.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXp-130612.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXrender-130603.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXt-130604.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libXv-130604.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-libxcb-130524.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1854-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1855-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1856-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1857-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1858-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1859-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1860-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1861-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1862-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1863-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1864-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1865-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1867-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1868-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1869-1.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1870-1.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2eebebffcd3b11e28f09001b38c3836c.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9107.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9108.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9117.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9120.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9135.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9137.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9141.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9162.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9166.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2693.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9046.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9052.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9053.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9056.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9060.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9065.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9066.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9070.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9079.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9085.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9088.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9096.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9098.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9099.nasl - Type : ACT_GATHER_INFO
2013-05-28 Name : The remote Fedora host is missing a security update.
File : fedora_2013-9151.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2674.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2675.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2676.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2677.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2680.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2681.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2682.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2683.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2684.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2685.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2686.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2688.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2690.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2691.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2692.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-11-27 13:28:40
  • Multiple Updates
2014-11-13 13:27:24
  • Multiple Updates
2014-10-16 13:25:50
  • Multiple Updates
2014-10-14 09:22:22
  • First insertion