Rapid7 Vulnerability & Exploit Database

CESA-2007:0126: xorg-x11 security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

CESA-2007:0126: xorg-x11 security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

03/24/2007

Created

07/25/2018

Added

03/12/2010

Modified

07/04/2017

Description

Updated X.org packages that fix several security issues are now available for CentOS Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

Solution(s)

centos-upgrade-xorg-x11
centos-upgrade-xorg-x11-deprecated-libs
centos-upgrade-xorg-x11-deprecated-libs-devel
centos-upgrade-xorg-x11-devel
centos-upgrade-xorg-x11-doc
centos-upgrade-xorg-x11-font-utils
centos-upgrade-xorg-x11-libs
centos-upgrade-xorg-x11-mesa-libgl
centos-upgrade-xorg-x11-mesa-libglu
centos-upgrade-xorg-x11-sdk
centos-upgrade-xorg-x11-tools
centos-upgrade-xorg-x11-twm
centos-upgrade-xorg-x11-xauth
centos-upgrade-xorg-x11-xdm
centos-upgrade-xorg-x11-xdmx
centos-upgrade-xorg-x11-xfs
centos-upgrade-xorg-x11-xnest
centos-upgrade-xorg-x11-xvfb

References

https://attackerkb.com/topics/cve-2007-1003
APPLE-SA-2007-11-14
APPLE-SA-2009-02-12
23283
23284
23300
23402
CESA-2007:0126
CVE - 2007-1003
CVE - 2007-1351
CVE - 2007-1352
CVE - 2007-1667
DSA-1294
DSA-1454
DSA-1858
OVAL10523
OVAL11266
OVAL13243
OVAL1693
OVAL1810
OVAL1980
OVAL9776
OVAL9798
RHSA-2007:0125
RHSA-2007:0126
RHSA-2007:0127
RHSA-2007:0132
RHSA-2007:0150
RHSA-2007:0157
SUSE-SA:2007:027
33417
33419
33424

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;