Executive Summary
Summary | |
---|---|
Title | Xorg security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2079 | First vendor Publication | 2019-08-06 |
Vendor | RedHat | Last vendor Modification | 2019-08-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for Xorg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598) * libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599) * libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600) * libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857) * libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853) * libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854) * libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855) * libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856) * libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859) * libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861) * libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862) * libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863) * libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1529419 - RHEL-7.5-Alpha Message log show " fatal IO error 11 (Resource temporarily unavailable) on X server ":9"" 1623009 - CVE-2018-15853 libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash 1623012 - CVE-2018-15854 libxkbcommon: NULL pointer dereference resulting in a crash 1623013 - CVE-2018-15855 libxkbcommon: NULL pointer dereference when handling xkb_geometry 1623018 - CVE-2018-15856 libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash 1623022 - CVE-2018-15857 libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash 1623026 - CVE-2018-15859 libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash 1623028 - CVE-2018-15861 libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash 1623029 - CVE-2018-15862 libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash 1623030 - CVE-2018-15863 libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash 1623033 - CVE-2018-15864 libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash 1623238 - CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c 1623242 - CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c 1623250 - CVE-2018-14599 libX11: Off-by-one error in XListExtensions in ListExt.c 1624847 - [RHEL 7.6 Bug] Can not install with graphic mode or boot into graphic mode 1632807 - User session is terminated after User Switch 1635747 - Switching users in GNOME session is starting new X servers for the user, and a user logout is making it unusable. 1642197 - Cintiq 27QHD triggers error messages on proximity in 1648116 - radeon caicos family GPU locks up in ring 0 after update to 7.6 1650166 - Xorg crash after RHEL7.6 update 1650634 - FBDEV(1): FBIOPUTCMAP and xorg fails to load 1665433 - [Hyper-V][RHEL 7.6]Startx will have segment fault with hyper-V environment 1674474 - Xorg crashes with SIGABRT with radeon driver 1680120 - Killing inactive user causes active session to fail 1724300 - visual lag and screen update delays with libX11 |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2079.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
58 % | CWE-476 | NULL Pointer Dereference |
8 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
8 % | CWE-416 | Use After Free |
8 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
8 % | CWE-193 | Off-by-one Error |
8 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-4295467df0.nasl - Type : ACT_GATHER_INFO |
2018-11-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201811-01.nasl - Type : ACT_GATHER_INFO |
2018-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201810-05.nasl - Type : ACT_GATHER_INFO |
2018-08-30 | Name : The remote Debian host is missing a security update. File : debian_DLA-1482.nasl - Type : ACT_GATHER_INFO |
2018-08-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_fe99d3caa63a11e8a7c654e1ad3d6335.nasl - Type : ACT_GATHER_INFO |
2018-08-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-233-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:51 |
|