Solution
Please Install the Updated Packages.
Insight
XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop.
An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377)
An integer overflow flaw was found in X.org's Render extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360)
An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379)
Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected
XFree86 on CentOS 2
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1377, CVE-2008-1379, CVE-2008-2360 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities