Executive Summary
Summary | |
---|---|
Title | xorg-x11-server security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0382 | First vendor Publication | 2010-04-28 |
Vendor | RedHat | Last vendor Modification | 2010-04-28 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-1166) Users of xorg-x11-server should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 495733 - Xorg crashes with latest firefox 582601 - CVE-2010-1166 Xorg: X server Render extension memory corruption |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0382.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10112 | |||
Oval ID: | oval:org.mitre.oval:def:10112 | ||
Title: | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||
Description: | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1166 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22204 | |||
Oval ID: | oval:org.mitre.oval:def:22204 | ||
Title: | RHSA-2010:0382: xorg-x11-server security update (Important) | ||
Description: | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0382-01 CESA-2010:0382 CVE-2010-1166 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | xorg-x11-server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23049 | |||
Oval ID: | oval:org.mitre.oval:def:23049 | ||
Title: | ELSA-2010:0382: xorg-x11-server security update (Important) | ||
Description: | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0382-01 CVE-2010-1166 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | xorg-x11-server |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for xorg-x11-server-sdk CESA-2010:0382 centos5 i386 File : nvt/gb_CESA-2010_0382_xorg-x11-server-sdk_centos5_i386.nasl |
2010-05-28 | Name : Ubuntu Update for xorg-server vulnerabilities USN-939-1 File : nvt/gb_ubuntu_USN_939_1.nasl |
2010-04-30 | Name : RedHat Update for xorg-x11-server RHSA-2010:0382-01 File : nvt/gb_RHSA-2010_0382-01_xorg-x11-server.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64246 | X.Org X11 X Server Render Extension fbpict.c fbComposite Function Macro Defin... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_xorg-x11-Xvnc-100819.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0382.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100428_xorg_x11_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xorg-x11-Xvnc-100819.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-7002.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-Xvnc-7126.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12638.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_xorg-x11-Xvnc-100805.nasl - Type : ACT_GATHER_INFO |
2010-07-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12612.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0382.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-939-1.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0382.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:28 |
|