oval:org.mitre.oval:def:26759

Definition Id: oval:org.mitre.oval:def:26759

Oval ID:	oval:org.mitre.oval:def:26759
Title:	RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)
Description:	The X11 (Xorg) libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064) Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066) A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995) A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005) Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (CVE-2013-2004) The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version. (BZ#1077471) This update also fixes the following bugs: * Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected. (BZ#1054614) * Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application. (BZ#971626) All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1436-01 CVE-2013-1981 CVE-2013-1982 CVE-2013-1983 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1987 CVE-2013-1988 CVE-2013-1989 CVE-2013-1990 CVE-2013-1991 CVE-2013-1995 CVE-2013-1997 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2002 CVE-2013-2003 CVE-2013-2004 CVE-2013-2005 CVE-2013-2062 CVE-2013-2064 CVE-2013-2066 CESA-2014:1436-CentOS 6	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	libX11 libXcursor libXext libXfixes libXi libXinerama libXp libXrandr libXrender libXres libXt libXtst libXv libXvMC libXxf86dga libXxf86vm libdmx libxcb xcb-proto xkeyboard-config xorg-x11-proto-devel xorg-x11-xtrans-devel
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section libX11 is earlier than 0:1.6.0-2.2.el6 AND libX11-common is earlier than 0:1.6.0-2.2.el6 AND libX11-devel is earlier than 0:1.6.0-2.2.el6 AND libXcursor is earlier than 0:1.1.14-2.1.el6 AND libXcursor-devel is earlier than 0:1.1.14-2.1.el6 AND libXext is earlier than 0:1.3.2-2.1.el6 AND libXext-devel is earlier than 0:1.3.2-2.1.el6 AND libXfixes is earlier than 0:5.0.1-2.1.el6 AND libXfixes-devel is earlier than 0:5.0.1-2.1.el6 AND libXi is earlier than 0:1.7.2-2.2.el6 AND libXi-devel is earlier than 0:1.7.2-2.2.el6 AND libXinerama is earlier than 0:1.1.3-2.1.el6 AND libXinerama-devel is earlier than 0:1.1.3-2.1.el6 AND libXp is earlier than 0:1.0.2-2.1.el6 AND libXp-devel is earlier than 0:1.0.2-2.1.el6 AND libXrandr is earlier than 0:1.4.1-2.1.el6 AND libXrandr-devel is earlier than 0:1.4.1-2.1.el6 AND libXrender is earlier than 0:0.9.8-2.1.el6 AND libXrender-devel is earlier than 0:0.9.8-2.1.el6 AND libXres is earlier than 0:1.0.7-2.1.el6 AND libXres-devel is earlier than 0:1.0.7-2.1.el6 AND libXt is earlier than 0:1.1.4-6.1.el6 AND libXt-devel is earlier than 0:1.1.4-6.1.el6 AND libXtst is earlier than 0:1.2.2-2.1.el6 AND libXtst-devel is earlier than 0:1.2.2-2.1.el6 AND libXv is earlier than 0:1.0.9-2.1.el6 AND libXv-devel is earlier than 0:1.0.9-2.1.el6 AND libXvMC is earlier than 0:1.0.8-2.1.el6 AND libXvMC-devel is earlier than 0:1.0.8-2.1.el6 AND libXxf86dga is earlier than 0:1.1.4-2.1.el6 AND libXxf86dga-devel is earlier than 0:1.1.4-2.1.el6 AND libXxf86vm is earlier than 0:1.1.3-2.1.el6 AND libXxf86vm-devel is earlier than 0:1.1.3-2.1.el6 AND libdmx is earlier than 0:1.1.3-3.el6 AND libdmx-devel is earlier than 0:1.1.3-3.el6 AND libxcb is earlier than 0:1.9.1-2.el6 AND libxcb-devel is earlier than 0:1.9.1-2.el6 AND libxcb-doc is earlier than 0:1.9.1-2.el6 AND libxcb-python is earlier than 0:1.9.1-2.el6 AND xcb-proto is earlier than 0:1.8-3.el6 AND xkeyboard-config is earlier than 0:2.11-1.el6 AND xkeyboard-config-devel is earlier than 0:2.11-1.el6 AND xorg-x11-proto-devel is earlier than 0:7.7-9.el6 AND xorg-x11-xtrans-devel is earlier than 0:1.3.4-1.el6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section libX11-debuginfo is earlier than 0:1.6.0-2.2.el6 AND libXcursor-debuginfo is earlier than 0:1.1.14-2.1.el6 AND libXext-debuginfo is earlier than 0:1.3.2-2.1.el6 AND libXfixes-debuginfo is earlier than 0:5.0.1-2.1.el6 AND libXi-debuginfo is earlier than 0:1.7.2-2.2.el6 AND libXinerama-debuginfo is earlier than 0:1.1.3-2.1.el6 AND libXp-debuginfo is earlier than 0:1.0.2-2.1.el6 AND libXrandr-debuginfo is earlier than 0:1.4.1-2.1.el6 AND libXrender-debuginfo is earlier than 0:0.9.8-2.1.el6 AND libXres-debuginfo is earlier than 0:1.0.7-2.1.el6 AND libXt-debuginfo is earlier than 0:1.1.4-6.1.el6 AND libXtst-debuginfo is earlier than 0:1.2.2-2.1.el6 AND libXv-debuginfo is earlier than 0:1.0.9-2.1.el6 AND libXvMC-debuginfo is earlier than 0:1.0.8-2.1.el6 AND libXxf86dga-debuginfo is earlier than 0:1.1.4-2.1.el6 AND libXxf86vm-debuginfo is earlier than 0:1.1.3-2.1.el6 AND libdmx-debuginfo is earlier than 0:1.1.3-3.el6 AND libxcb-debuginfo is earlier than 0:1.9.1-2.el6

Definition Id: oval:org.mitre.oval:def:20273

Oval ID:	oval:org.mitre.oval:def:20273
Title:	The operating system installed on the system is Red Hat Enterprise Linux 6
Description:	The operating system installed on the system is Red Hat Enterprise Linux 6.
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:redhat:enterprise_linux:6	Version:	6
Platform(s):	Red Hat Enterprise Linux 6	Product(s):
Definition Synopsis:
Red Hat Enterprise 6 is installed AND NOT Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:26759 oval:org.mitre.oval:def:26759

Definition Id: oval:org.mitre.oval:def:16337

Oval ID:	oval:org.mitre.oval:def:16337
Title:	The operating system installed on the system is CentOS Linux 6.x
Description:	The operating system installed on the system is CentOS Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:centos:centos:6	Version:	5
Platform(s):	CentOS Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND CentOS Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:26759

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0399s

Facebook rss twitter linkedin mail