Upstream information

CVE-2008-2361 at MITRE

Description

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 6.8
  Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
  Access Vector: Network
  Access Complexity: Low
  Authentication: Single
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Complete
SUSE Bugzilla entry: 374321 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • xorg-x11-Xvnc >= 7.4-27.19.19
  • xorg-x11-server >= 7.4-27.19.19
  • xorg-x11-server-extra >= 7.4-27.19.19
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP2
  • xorg-x11-Xvnc >= 7.4-27.60.5
  • xorg-x11-server >= 7.4-27.60.5
  • xorg-x11-server-extra >= 7.4-27.60.5
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP3
  • xorg-x11-Xvnc >= 7.4-27.81.7
  • xorg-x11-server >= 7.4-27.81.7
  • xorg-x11-server-extra >= 7.4-27.81.7
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP4
  • xorg-x11-Xvnc >= 7.4-27.105.1
  • xorg-x11-server >= 7.4-27.105.1
  • xorg-x11-server-extra >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA xorg-x11-Xvnc
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xorg-x11-server-sdk >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA xorg-x11-server-sdk
SUSE Linux Enterprise SDK 10 SP2
  • xorg-x11-Xvfb >= 6.9.0-50.60
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles10-sp2.s390x
sles10.s390x
ZYPP Patch Nr: 5322
SUSE Linux Enterprise SDK 10 SP2
  • xgl >= cvs_060522-0.44
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.x86
sle10-sp1-sdk.ppc
sle10-sp1-sdk.ia64
sles10-sp2-debuginfo.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86
sle10-sp1-sdk.x86
sle10-sp2-sdk.ppc
sled10-sp2.x86-64
sle10-sp1-sdk.x86-64
sles10-sp2-debuginfo.ia64
sles10-sp2-debuginfo.x86
sles10-sp2-debuginfo.ppc
sled10.x86
sled10.x86-64
ZYPP Patch Nr: 5528
openSUSE 11.0
  • xgl-debuginfo >= git_071026-79.3
  • xgl-debugsource >= git_071026-79.3
openSUSE 11.0
  • xgl >= git_071026-79.3
openSUSE 11.0
  • xorg-x11-Xvnc >= 7.3-110.2
  • xorg-x11-server >= 7.3-110.2
  • xorg-x11-server-extra >= 7.3-110.2
  • xorg-x11-server-sdk >= 7.3-110.2
SUSE Linux Enterprise SDK 10 SP2
  • xorg-x11-Xvfb >= 6.9.0-50.60
sle10-sp2-sdk.ppc
sled10.x86
sles10-sp2.x86
sle10-sp2-sdk.ia64
sle10-sp1-sdk.x86-64
sles10.ppc
sle10-sp1-sdk.ppc
sles10-sp2.x86-64
sles10-sp2.ppc
sled10-sp2.x86
sles10.x86-64
sles10-sp2.ia64
sle10-sp1-sdk.ia64
sles10.x86
sled10.x86-64
sle10-sp1-sdk.x86
sle10-sp2-sdk.x86-64
sles10.ia64
sle10-sp2-sdk.x86
sled10-sp2.x86-64
ZYPP Patch Nr: 5321
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • XFree86-Xnest >= 4.3.99.902-43.96
  • XFree86-Xprt >= 4.3.99.902-43.96
  • XFree86-Xvfb >= 4.3.99.902-43.96
  • XFree86-Xvnc >= 4.3.99.902-43.96
  • XFree86-server >= 4.3.99.902-43.96
core9.x86-64
sles9-nld.x86
sles9-nlpos.x86
core9.x86
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
core9.ia64
YOU Patch Nr: 12170