7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.5%
CentOS Errata and Security Advisory CESA-2018:3059
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031658.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031767.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031768.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031776.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031784.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031811.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031813.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031814.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031815.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031816.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031817.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031818.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031829.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031830.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031943.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031969.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031977.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031982.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031983.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031984.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031985.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031986.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031987.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031988.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031989.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031990.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031991.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031992.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031993.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031994.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031995.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031996.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031997.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031998.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/031999.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/032000.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/032001.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/032002.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/032003.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-November/032004.html
Affected packages:
drm-utils
egl-utils
freeglut
freeglut-devel
glx-utils
intel-gpu-tools
libX11
libX11-common
libX11-devel
libXcursor
libXcursor-devel
libXfont
libXfont-devel
libXfont2
libXfont2-devel
libXres
libXres-devel
libdrm
libdrm-devel
libepoxy
libepoxy-devel
libglvnd
libglvnd-core-devel
libglvnd-devel
libglvnd-egl
libglvnd-gles
libglvnd-glx
libglvnd-opengl
libinput
libinput-devel
libwacom
libwacom-data
libwacom-devel
libxcb
libxcb-devel
libxcb-doc
mesa-demos
mesa-dri-drivers
mesa-filesystem
mesa-libEGL
mesa-libEGL-devel
mesa-libGL
mesa-libGL-devel
mesa-libGLES
mesa-libGLES-devel
mesa-libOSMesa
mesa-libOSMesa-devel
mesa-libgbm
mesa-libgbm-devel
mesa-libglapi
mesa-libwayland-egl
mesa-libwayland-egl-devel
mesa-libxatracker
mesa-libxatracker-devel
mesa-vdpau-drivers
mesa-vulkan-drivers
tigervnc
tigervnc-icons
tigervnc-license
tigervnc-server
tigervnc-server-applet
tigervnc-server-minimal
tigervnc-server-module
vulkan
vulkan-devel
vulkan-filesystem
xcb-proto
xkeyboard-config
xkeyboard-config-devel
xorg-x11-drv-ati
xorg-x11-drv-dummy
xorg-x11-drv-evdev
xorg-x11-drv-evdev-devel
xorg-x11-drv-fbdev
xorg-x11-drv-intel
xorg-x11-drv-intel-devel
xorg-x11-drv-libinput
xorg-x11-drv-libinput-devel
xorg-x11-drv-mouse
xorg-x11-drv-mouse-devel
xorg-x11-drv-nouveau
xorg-x11-drv-openchrome
xorg-x11-drv-openchrome-devel
xorg-x11-drv-qxl
xorg-x11-drv-synaptics
xorg-x11-drv-synaptics-devel
xorg-x11-drv-v4l
xorg-x11-drv-vesa
xorg-x11-drv-vmmouse
xorg-x11-drv-vmware
xorg-x11-drv-void
xorg-x11-drv-wacom
xorg-x11-drv-wacom-devel
xorg-x11-font-utils
xorg-x11-proto-devel
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xspice
xorg-x11-server-Xvfb
xorg-x11-server-Xwayland
xorg-x11-server-common
xorg-x11-server-devel
xorg-x11-server-source
xorg-x11-utils
xorg-x11-xkb-extras
xorg-x11-xkb-utils
xorg-x11-xkb-utils-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:3059
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | freeglut | < 3.0.0-8.el7 | freeglut-3.0.0-8.el7.i686.rpm |
CentOS | 7 | x86_64 | freeglut | < 3.0.0-8.el7 | freeglut-3.0.0-8.el7.x86_64.rpm |
CentOS | 7 | i686 | freeglut-devel | < 3.0.0-8.el7 | freeglut-devel-3.0.0-8.el7.i686.rpm |
CentOS | 7 | x86_64 | freeglut-devel | < 3.0.0-8.el7 | freeglut-devel-3.0.0-8.el7.x86_64.rpm |
CentOS | 7 | x86_64 | drm-utils | < 2.4.91-3.el7 | drm-utils-2.4.91-3.el7.x86_64.rpm |
CentOS | 7 | i686 | libdrm | < 2.4.91-3.el7 | libdrm-2.4.91-3.el7.i686.rpm |
CentOS | 7 | x86_64 | libdrm | < 2.4.91-3.el7 | libdrm-2.4.91-3.el7.x86_64.rpm |
CentOS | 7 | i686 | libdrm-devel | < 2.4.91-3.el7 | libdrm-devel-2.4.91-3.el7.i686.rpm |
CentOS | 7 | x86_64 | libdrm-devel | < 2.4.91-3.el7 | libdrm-devel-2.4.91-3.el7.x86_64.rpm |
CentOS | 7 | i686 | libepoxy | < 1.5.2-1.el7 | libepoxy-1.5.2-1.el7.i686.rpm |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.045 Low
EPSS
Percentile
92.5%