PT-2007-7517 · Xfree86+2 · Xfree86+3
Daniel Stone +1 · Published 1970-01-01 · Updated 2024-06-15 · CVE-2008-2360
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
XFree86-doc versions 4.1.0 through 4.3.0
XFree86-twm versions 4.1.0 through 4.3.0
XFree86-Mesa-libGLU version 4.3.0
XFree86-devel versions 4.1.0 through 4.3.0
XFree86-font-utils version 4.3.0
XFree86-xf86cfg version 4.1.0
XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-cyrillic-fonts versions 4.1.0 through 4.3.0
xorg-x11-server-sdk version 1.1.1
XFree86-ISO8859-14-75dpi-fonts version 4.3.0
XFree86-ISO8859-9-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-xdm versions 4.1.0 through 4.3.0
XFree86-libs versions 4.1.0 through 4.3.0
XFree86-tools versions 4.1.0 through 4.3.0
XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.3.0
xorg-server versions prior to 1.3.0.0-r6
XFree86-syriac-fonts version 4.3.0
xorg-x11-server-Xdmx version 1.1.1
XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.3.0
xorg-x11-server-Xnest version 1.1.1
XFree86-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-base-fonts version 4.3.0
XFree86-ISO8859-15-100dpi-fonts version 4.1.0
xorg-x11-server-Xorg version 1.1.1
xorg-x11-server version 1.1.1
xorg-x11-server-Xephyr version 1.1.1
XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-devel version 4.1.0
xorg-x11-Xvnc
XFree86-ISO8859-9-100dpi-fonts version 4.1.0
XFree86-xfs versions 4.1.0 through 4.3.0
XFree86-Xvfb versions 4.1.0 through 4.3.0
xorg-x11-server-randr-source version 1.1.1
XFree86-4.1.0
XFree86-4.3.0
XFree86-ISO8859-2-75dpi-fonts version 4.3.0
XFree86-libs-data version 4.3.0
XFree86-ISO8859-14-100dpi-fonts version 4.3.0
XFree86-ISO8859-9-75dpi-fonts version 4.1.0
XFree86-Xnest versions 4.1.0 through 4.3.0
XFree86-sdk version 4.3.0
XFree86-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-Mesa-libGL version 4.3.0
XFree86-ISO8859-2-100dpi-fonts version 4.1.0
XFree86-truetype-fonts version 4.3.0
Description
This issue covers multiple vulnerabilities in various XFree86 and xorg-x11 packages that can compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. They are caused by an integer overflow in the AllocateGlyph function in the Render extension of the X server: unspecified request fields are used to calculate a heap buffer size, which allows context-dependent attackers to trigger a heap-based buffer overflow and execute arbitrary code.
Recommendations
For XFree86-doc versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-twm versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-Mesa-libGLU version 4.3.0, update to a version outside of this range.
For XFree86-devel versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-font-utils version 4.3.0, update to a version outside of this range.
For XFree86-xf86cfg version 4.1.0, update to a version outside of this range.
For XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-cyrillic-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For xorg-x11-server-sdk version 1.1.1, update to a version outside of this range.
For XFree86-ISO8859-14-75dpi-fonts version 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-9-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-xdm versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-libs versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-tools versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For xorg-server versions prior to 1.3.0.0-r6, update to version 1.3.0.0-r6 or later.
For XFree86-syriac-fonts version 4.3.0, update to a version outside of this range.
For xorg-x11-server-Xdmx version 1.1.1, update to a version outside of this range.
For XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For xorg-x11-server-Xnest version 1.1.1, update to a version outside of this range.
For XFree86-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-base-fonts version 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-15-100dpi-fonts version 4.1.0, update to a version outside of this range.
For xorg-x11-server-Xorg version 1.1.1, update to a version outside of this range.
For xorg-x11-server version 1.1.1, update to a version outside of this range.
For xorg-x11-server-Xephyr version 1.1.1, update to a version outside of this range.
For XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-devel version 4.1.0, update to a version outside of this range.
For xorg-x11-Xvnc, update to a version outside of this range.
For XFree86-ISO8859-9-100dpi-fonts version 4.1.0, update to a version outside of this range.
For XFree86-xfs versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-Xvfb versions 4.1.0 through 4.3.0, update to a version outside of this range.
For xorg-x11-server-randr-source version 1.1.1, update to a version outside of this range.
For XFree86-4.1.0, update to a version outside of this range.
For XFree86-4.3.0, update to a version outside of this range.
For XFree86-ISO8859-2-75dpi-fonts version 4.3.0, update to a version outside of this range.
For XFree86-libs-data version 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-14-100dpi-fonts version 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-9-75dpi-fonts version 4.1.0, update to a version outside of this range.
For XFree86-Xnest versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-sdk version 4.3.0, update to a version outside of this range.
For XFree86-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside of this range.
For XFree86-Mesa-libGL version 4.3.0, update to a version outside of this range.
For XFree86-ISO8859-2-100dpi-fonts version 4.1.0, update to a version outside of this range.
For XFree86-truetype-fonts version 4.3.0, update to a version outside of this range.
Affected Products
Red Hat
Xfree86
Xorg-X11-Xvnc
Xorg-X11-Server