FreeBSD: xorg -- multiple vulnerabilities (Multiple CVEs)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | January 18, 2008 | May 08, 2014 | February 21, 2017 |
Description
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
- APPLE-APPLE-SA-2008-03-18
- BID-27336
- BID-27350
- BID-27351
- BID-27352
- BID-27353
- BID-27354
- BID-27355
- BID-27356
- CVE-2007-5760
- CVE-2007-5958
- CVE-2007-6427
- CVE-2007-6428
- CVE-2007-6429
- CVE-2008-0006
- DEBIAN-DSA-1466
- OVAL-OVAL10021
- OVAL-OVAL10372
- OVAL-OVAL10991
- OVAL-OVAL11045
- OVAL-OVAL11718
- OVAL-OVAL11754
- OVAL-OVAL5393
- REDHAT-RHSA-2008:0029
- REDHAT-RHSA-2008:0030
- REDHAT-RHSA-2008:0031
- REDHAT-RHSA-2008:0064
- SUSE-SUSE-SA:2008:003
- URL: http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
- URL: http://lists.freedesktop.org/archives/xorg/2008-January/032099.html
- XF-39759
- XF-39761
- XF-39763
- XF-39764
- XF-39766
- XF-39767
- XF-39769
Solution
freebsd-upgrade-package-libxfontRelated Vulnerabilities
- Gentoo Linux: CVE-2007-5760: X.Org X server and Xfont library: Multiple vulnerabilities
- Gentoo Linux: CVE-2007-5958: X.Org X server and Xfont library: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2007-6429
- OS X security update 2008-002 for X11 (CVE-2007-6427)
- OS X security update 2008-002 for X11 (CVE-2007-6428)
- SUSE Linux Security Advisory: SUSE-SR:2008:003
- SUSE Linux Security Vulnerability: CVE-2007-6428
- OS X security update 2008-002 for X11 (CVE-2007-6429)
- IBM AIX: X_advisory2, xorg_advisory (CVE-2007-6427): Memory leak vulnerability in AIX X-server
- ELSA-2008-0031 Important: Enterprise Linux xorg-x11-server security update
- SUSE Linux Security Vulnerability: CVE-2007-6427
- Sun Patch: X11 6.4.1_x86: Xsun patch
- HP-UX: CVE-2007-6427: Running Xserver, Remote Execution of Arbitrary Code
- SUSE Linux Security Advisory: SUSE-SR:2008:008
- ELSA-2008-0029 Important: Enterprise Linux XFree86 security update
- SUSE Linux Security Vulnerability: CVE-2008-0006
- Sun Patch: X11 6.6.2_x86: Xsun patch
- ELSA-2008-0064 Important: Enterprise Linux libXfont security update
- Sun Patch: X11 6.6.2: Xsun patch
- SUSE-SA:2008:003: Xorg and XFree
- SUSE-SR:2008:003:vuln9: NX also affected by X.org security problems
- OS X security update 2008-002 for X11 (CVE-2008-0006)
- OS X security update 2008-002 for X11 (CVE-2007-5958)
- ELSA-2008-0030 Important: Enterprise Linux xorg-x11 security update
- HP-UX: CVE-2007-6429: Running Xserver, Remote Execution of Arbitrary Code
- IBM AIX: xorg_advisory (CVE-2007-6429): Multiple vulnerabilities in the X server
- Sun Patch: X11 6.7.0_x86: Xorg patch
- CESA-2008:0030: RHSA-2008:0030
- SUSE Linux Security Vulnerability: CVE-2007-5760
- RHSA-2008:0029: XFree86 security update
- HP-UX: CVE-2007-5958: Running Xserver, Remote Execution of Arbitrary Code
- Sun Patch: X11 6.6.1_x86: Xsun patch
- Gentoo Linux: CVE-2007-6429: X.Org X server and Xfont library: Multiple vulnerabilities
- Sun Patch: X11 6.4.1: Xsun patch
- HP-UX: CVE-2008-0006: Running Xserver, Remote Execution of Arbitrary Code
- CESA-2008:0031: xorg-x11-server security update
- Gentoo Linux: CVE-2007-6427: X.Org X server and Xfont library: Multiple vulnerabilities
- Gentoo Linux: CVE-2007-6428: X.Org X server and Xfont library: Multiple vulnerabilities
- RHSA-2008:0030: xorg-x11 security update
- USN-571-1: X.org vulnerabilities
- Sun Patch: X11 6.8.0_x86: Xorg server patch
- CESA-2008:0029: XFree86 security update
- Sun Patch: X11 6.6.1: Xsun patch
- SUSE Linux Security Vulnerability: CVE-2007-5958
- Sun Patch: X11 6.8.0: Xorg server patch
- RHSA-2008:0031: xorg-x11-server security update
- SUSE-SR:2008:008:vuln4: xgl various X related security fixes
- CESA-2008:0064: libXfont security update
- Gentoo Linux: CVE-2008-0006: X.Org X server and Xfont library: Multiple vulnerabilities
- SUSE Linux Security Advisory: SUSE-SA:2008:003
- RHSA-2008:0064: libXfont security update