PT-2011-1118 · Xorg+2 · Xorg-X11-Server-Xvfb+9
Published: 2011-10-06 · Updated: 2012-09-13 · CVE-2010-4819
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
xorg-x11-server-Xorg versions 1.7.7
xorg-x11-server-Xephyr versions 1.7.7
xorg-x11-server-common versions 1.7.7
xorg-x11-server-debuginfo versions 1.7.7
xorg-x11-server-Xnest versions 1.7.7
xorg-x11-server-Xdmx versions 1.7.7
xorg-x11-server-devel versions 1.7.7
xorg-x11-server-Xvfb versions 1.7.7
Description
The issue concerns multiple vulnerabilities in the xorg-x11-server package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an attacker who has passed the authentication procedure. The ProcRenderAddGlyphs function in the Render extension allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Recommendations
For xorg-x11-server-Xorg version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-Xephyr version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-common version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-debuginfo version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-Xnest version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-Xdmx version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-devel version 1.7.7, update to a newer version to mitigate the risk.
For xorg-x11-server-Xvfb version 1.7.7, update to a newer version to mitigate the risk.
As a temporary workaround, consider disabling the ProcRenderAddGlyphs function until a patch is available.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Suse
Xorg-X11-Server-Xdmx
Xorg-X11-Server-Xephyr
Xorg-X11-Server-Xnest
Xorg-X11-Server-Xorg
Xorg-X11-Server-Xvfb
Xorg-X11-Server-Common
Xorg-X11-Server-Debuginfo
Xorg-X11-Server-Devel