Lucene search

CentOS ProjectCESA-2021:2033

HistoryJun 14, 2021 - 6:37 p.m.

xorg security update

2021-06-1418:37:36

CentOS Project

lists.centos.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

CentOS Errata and Security Advisory CESA-2021:2033

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-June/086111.html

Affected packages:
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-Xwayland
xorg-x11-server-common
xorg-x11-server-devel
xorg-x11-server-source

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:2033

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64xorg-x11-server-common< 1.20.4-16.el7_9xorg-x11-server-common-1.20.4-16.el7_9.x86_64.rpm
CentOS7i686xorg-x11-server-devel< 1.20.4-16.el7_9xorg-x11-server-devel-1.20.4-16.el7_9.i686.rpm
CentOS7x86_64xorg-x11-server-devel< 1.20.4-16.el7_9xorg-x11-server-devel-1.20.4-16.el7_9.x86_64.rpm
CentOS7noarchxorg-x11-server-source< 1.20.4-16.el7_9xorg-x11-server-source-1.20.4-16.el7_9.noarch.rpm
CentOS7x86_64xorg-x11-server-xdmx< 1.20.4-16.el7_9xorg-x11-server-Xdmx-1.20.4-16.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-xephyr< 1.20.4-16.el7_9xorg-x11-server-Xephyr-1.20.4-16.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-xnest< 1.20.4-16.el7_9xorg-x11-server-Xnest-1.20.4-16.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-xorg< 1.20.4-16.el7_9xorg-x11-server-Xorg-1.20.4-16.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-xvfb< 1.20.4-16.el7_9xorg-x11-server-Xvfb-1.20.4-16.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-xwayland< 1.20.4-16.el7_9xorg-x11-server-Xwayland-1.20.4-16.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	xorg-x11-server-common	< 1.20.4-16.el7_9	xorg-x11-server-common-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	i686	xorg-x11-server-devel	< 1.20.4-16.el7_9	xorg-x11-server-devel-1.20.4-16.el7_9.i686.rpm
CentOS	7	x86_64	xorg-x11-server-devel	< 1.20.4-16.el7_9	xorg-x11-server-devel-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	noarch	xorg-x11-server-source	< 1.20.4-16.el7_9	xorg-x11-server-source-1.20.4-16.el7_9.noarch.rpm
CentOS	7	x86_64	xorg-x11-server-xdmx	< 1.20.4-16.el7_9	xorg-x11-server-Xdmx-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-xephyr	< 1.20.4-16.el7_9	xorg-x11-server-Xephyr-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-xnest	< 1.20.4-16.el7_9	xorg-x11-server-Xnest-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-xorg	< 1.20.4-16.el7_9	xorg-x11-server-Xorg-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-xvfb	< 1.20.4-16.el7_9	xorg-x11-server-Xvfb-1.20.4-16.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-xwayland	< 1.20.4-16.el7_9	xorg-x11-server-Xwayland-1.20.4-16.el7_9.x86_64.rpm