Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM16E0802C41B854F547BA4C1A7B78A66FCF33C5179C37D411C3C8E3CB1749EA2A
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXrender (CVE-2016-7949 CVE-2016-7950)

2019-01-3102:25:02
www.ibm.com
13

EPSS

0.014

Percentile

86.3%

JSON

Summary

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in X.Org libXrender.

Vulnerability Details

Summary

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in X.Org libXrender.

Vulnerability Details

CVEID: CVE-2016-7949

Description: X.Org libXrender could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write error. An attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117548&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-7950

Description: X.Org libXrender could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write error. An attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117549&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected products and versions

Product Version
IBM Dynamic System Analysis (DSA) Preboot 9.6

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product Fix Version
IBM Dynamic System Analysis (DSA) Preboot
(ibm_fw_dsa_dsyte2w-9.65) dsyte2w-9.65

Workarounds and Mitigations

None.

References

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None.

Change History
21 November, 2017: Original Version Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

openvas 12
nessus 20
osv 2
fedora 3
ubuntu 1
debian 1
prion 2
cve 2
redhatcve 2
nvd 2
ubuntucve 2
debiancve 2
cvelist 2
mageia 1
slackware 1
gentoo 1
openvas
openvas
Ubuntu: Security Advisory (USN-5436-1)
2022-08-26 00:00:00
Fedora Update for libXrender FEDORA-2016-ade20198ff
2016-12-07 00:00:00
Huawei EulerOS: Security Advisory for libXrender (EulerOS-SA-2020-2020)
2020-09-29 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : libXrender (EulerOS-SA-2019-2458)
2019-12-04 00:00:00
Debian DLA-664-1 : libxrender security update
2016-10-19 00:00:00
RHEL 5 : libxrender (Unpatched Vulnerability)
2024-05-11 00:00:00
osv
osv
libxrender vulnerabilities
2022-05-23 18:04:37
libxrender - security update
2016-10-18 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: libXrender-0.9.10-1.fc24
2016-10-09 06:23:29
[SECURITY] Fedora 23 Update: libXrender-0.9.10-1.fc23
2016-11-01 16:25:00
[SECURITY] Fedora 25 Update: libXrender-0.9.10-1.fc25
2016-10-10 17:59:45
ubuntu
ubuntu
libXrender vulnerabilities
2022-05-23 00:00:00
debian
debian
[SECURITY] [DLA 664-1] libxrender security update
2016-10-18 14:37:43
prion
prion
Out-of-bounds
2016-12-13 20:59:00
Buffer overflow
2016-12-13 20:59:00
cve
cve
CVE-2016-7949
2016-12-13 20:59:15
CVE-2016-7950
2016-12-13 20:59:16
redhatcve
redhatcve
CVE-2016-7950
2016-10-05 11:47:43
CVE-2016-7949
2016-10-05 11:47:20
nvd
nvd
CVE-2016-7950
2016-12-13 20:59:16
CVE-2016-7949
2016-12-13 20:59:15
ubuntucve
ubuntucve
CVE-2016-7950
2016-12-13 00:00:00
CVE-2016-7949
2016-12-13 00:00:00
debiancve
debiancve
CVE-2016-7950
2016-12-13 20:59:16
CVE-2016-7949
2016-12-13 20:59:15
cvelist
cvelist
CVE-2016-7949
2016-12-13 20:00:00
CVE-2016-7950
2016-12-13 20:00:00
mageia
mageia
Updated X11 client libraries packages fix security vulnerability
2018-01-01 18:50:28
slackware
slackware
[slackware-security] x11
2016-11-01 03:40:24
gentoo
gentoo
X.Org: Multiple vulnerabilities
2017-04-10 00:00:00

EPSS

0.014

Percentile

86.3%

JSON
Related for 16E0802C41B854F547BA4C1A7B78A66FCF33C5179C37D411C3C8E3CB1749EA2A
openvas12nessus20osv2fedora3ubuntu1debian1prion2cve2redhatcve2nvd2ubuntucve2debiancve2cvelist2mageia1slackware1gentoo1