Oracle Linux 7 : X.org / X11 (ELSA-2018-3059)

critical Nessus Plugin ID 181044

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3059 advisory.

freeglut [3.0.0-8]
- HTTPS URLs
- Pin soname to libglut.so.3 in the %files glob

[3.0.0-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[3.0.0-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[3.0.0-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[3.0.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[3.0.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[3.0.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[3.0.0-1]
- New upstream version

[2.8.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[2.8.1-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

libX11 [1.6.5-2]
- Rebuild to pick up new xproto keysyms (#1600147)

libXcursor [1.1.15-1]
- libXcursor 1.1.15

libXfont [1.5.4-1]
- libXfont 1.5.4.

libXfont2 [2.0.3-1]
- libXfont 2.0.3

libXres [1.2.0-1]
- libXres 1.2.0

libdrm [2.4.91-3]
- Add WHL, AML, etc PCI IDs

[2.4.91-2]
- libdrm 2.4.91

libepoxy [1.5.2-1]
- epoxy 1.5.2

libglvnd [1.0.1-0.8.git5baa1e5]
- rename fallback from fedora to system

[1.0.1-0.7.git5baa1e5]
- Add another fallback GLX library name

[1.0.1-0.6.git5baa1e5]
- Enable %check for all but ppc64 and s390x, which has known but low-impact failures
- Simplify %release

[1.0.1-0.5.20180327git5baa1e5]
- Go back to Requires: mesa-*, the fallout is too great (#1568881 etc)

[1:1.0.1-0.4.20180327git5baa1e5]
- Update snapshot to 20180327

[1.0.1-0.3.20180226gitb029c24]
- Use Recommends: mesa-* not Requires.
- (Trivially) switch the build to python3

[1:1.0.1-0.2.20180226gitb029c24]
- Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

[1:1.0.1-0.1.20180226gitb029c24]
- Update snapshot to 20180226
- Update scriptlets

libinput [1.10.7-2]
- Correct the automake version number to 1.10.7 (#1564642)

[1.10.7-1]
- libinput 1.10.7 (#1564642)

libwacom [0.30-1]
- libwacom 0.30 (#1564606)

libxcb [1.13-1]
- libxcb 1.13

mesa [18.0.5-3]
- rename fedora to system in glvnd fallback

[18.0.5-2]
- Fix timeout overflow warnings (backport from upstream + virgl)

[18.0.5-1]
- Mesa 18.0.5

[18.0.4-1.20180530]
- rebase to 18.0.4
- backport shm put/get image for improved sw renderers (esp under qxl)

[18.0.3-5.20180508]
- Fix gl.pc when using glvnd
- Fix subpackage dependencies for glvnd

[18.0.3-2.20180508]
- Use glvnd

[18.0.3-1.20180508]
- rebase to 18.0.3

mesa-demos [8.3.0-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[8.3.0-9]
- New git snapshot

[8.3.0-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[8.3.0-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[8.3.0-6]
- Fix xdriinfo not working with libglvnd (rhbz#1429894)

[8.3.0-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[8.3.0-4]
- Rebuild for glew 2.0.0

[8.3.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[8.3.0-2]
- Rebuild for glew 1.13

[8.3.0-1]
- 8.3.0

[8.2.0-5]
- New git snap
- Add EGL/GLES buildreqs and egl-utils subpackage

[8.2.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

tigervnc [1.8.0-13]
- Add one remaining option to Xvnc manpage Resolves: bz#1601880

[1.8.0-12]
- Add missing options to Xvnc manpage Resolves: bz#1601880

[1.8.0-11]
- Properly kill session after user logs out Resolves: bz#1259757

[1.8.0-10]
- Check endianness when constructing platform pixel buffer Resolves: bz#1613264

[1.8.0-9]
- Use current server time for XUngrabPointer and XUngrabKeyboard Resolves: bz#1605325

[1.8.0-8]
- Ignore fake focus events from XGrabKeyboard() Resolves: bz#1602855

[1.8.0-7]
- Properly support Xorg 1.20 Resolves: bz#1564061

[1.8.0-6]
- Kill session after user logs out Resolves: bz#1259757
- Build against Xorg 1.20 Resolves: bz#1564061

vulkan [1.1.73.0-1]
- Update to 1.1.73.0 release
- fixup spec for spirv-tools etc

xcb-proto [1.13-1]
- xcb-proto 1.13

[1.12-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.12-5]
- Add a build-time dependency on python2-devel

[1.12-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.12-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

xkeyboard-config [2.24-1]
- xkeyboard-config 2.24 (#1564615)
- Revert the high-keycode patches to avoid conflicts with xkbcomp < 1.4

[2.23.1-1]
- xkeyboard-config 2.23.1 (#1564615)

xorg-x11-drv-ati [18.0.1-1]
- ati 18.0.1

xorg-x11-drv-dummy [0.3.7-1.1]
- Rebuild for xserver 1.20

xorg-x11-drv-evdev [2.10.6-1]
- evdev 2.10.6 (#1564618)

xorg-x11-drv-fbdev [0.5.0-1]
- fbdev 0.5.0

[0.4.3-25.1]
- Rebuild for xserver 1.20

xorg-x11-drv-intel [2.99.917-28]
- Today's git snapshot (commit 35947721)

xorg-x11-drv-libinput [0.27.1-2]
- Fix invalid-sized memset() in the draglock code

[0.27.1-1]
- libinput 0.27.1 (#1564643)

xorg-x11-drv-mouse [1.9.2-2]
- Avoid use of xf86GetOS (#1592607)

xorg-x11-drv-nouveau [1.0.15-1]
- nouveau 1.0.15

[1:1.0.13-3.1]
- Rebuild for xserver 1.20

xorg-x11-drv-openchrome [0.5.0-3.1]
- Rebuild for xserver 1.20

xorg-x11-drv-qxl [0.1.5-4.1]
- Rebuild for xserver 1.20

[0.1.5-4]
- Fix crash when multiple QXL devices are in use Resolves: rhbz#1428340

xorg-x11-drv-synaptics [1.9.0-2]
- Fix infinite log spam in case of read errors (#1564624).

xorg-x11-drv-v4l [0.2.0-49]
- Remove call to LoaderGetOS - Patch wasn't applied (#1601960)

[0.2.0-48]
- Remove call to LoaderGetOS (#1601960)

xorg-x11-drv-vesa [2.4.0-1]
- vesa 2.4.0

[2.3.2-25.1.1]
- Rebuild for xserver 1.20

xorg-x11-drv-vmmouse [13.1.0-1.1]
- Rebuild for xserver 1.20

xorg-x11-drv-vmware [13.2.1-1.1]
- Rebuild for xserver 1.20

xorg-x11-drv-void [1.4.1-2.1]
- Rebuild for xserver 1.20

xorg-x11-drv-wacom [0.36.1-1]
- wacom 0.36.1 (#1564630)

xorg-x11-font-utils [1:7.5-21]
- Rebase to F28 (#1564630)

xorg-x11-proto-devel [2018.4-1]
- xorgproto 2018.4

[2018.3-1]
- xorgproto 2018.3

[2018.2-1]
- xorgproto 2018.2

[2018.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2018.1-1]
- Switch to merged protocol headers
- Drop evie headers
- Pre-F18 changelog trim

[7.7-24]
- Drop bootstrap hack (that had been enabled for like nine years anyway)
- Use https URLs

[7.7-23]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[7.7-22]
- Add xproto patches from upstream adding XF86Keyboard and XF86RFKill keysyms

[7.7-21]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

xorg-x11-server [1.20.1-3]
- Try harder to come up with an initial spanning configuration

[1.20.1-2]
- Make platform device probe a bit less fragile
- Disable glamor on llvmpipe

[1.20.1-1]
- xserver 1.20.1
- Enable backing store's Always mode

[1.20.0-2]
- Fix glx vendor hash table key size
- Fix memory corruption during PanoramiX setup (#1601742)

[1.20.0-1]
- Fix 16bpp with modesetting driver

[1.20.0-0.3]
- Add patches for bz1591978

[1.20.0-0.2]
- Add patches for bz1585252

[1.20.0-0.1]
- Initial 1.20 rebuild

xorg-x11-utils [7.5-23]
- xlsclients 1.1.4
- xlsfonts 1.0.6
- xprop 1.2.3
- HTTPS URLs

xorg-x11-xkb-utils [7.7-14]
- xkbcomp 1.4.2 (#1564634)

[7.7-13]
- Sync with F28 (#1564634)
- setxkbmap 1.3.1
- xkbcomp 1.4.1
- xkbevd 1.1.4
- xkbprint 1.0.4

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-3059.html

Plugin Details

Severity: Critical

ID: 181044

File Name: oraclelinux_ELSA-2018-3059.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-9262

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:vulkan-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-ati, p-cpe:/a:oracle:linux:libdrm, p-cpe:/a:oracle:linux:mesa-filesystem, p-cpe:/a:oracle:linux:xorg-x11-drv-void, p-cpe:/a:oracle:linux:xorg-x11-drv-fbdev, p-cpe:/a:oracle:linux:mesa-libegl, p-cpe:/a:oracle:linux:libglvnd-core-devel, p-cpe:/a:oracle:linux:xorg-x11-server-source, p-cpe:/a:oracle:linux:xorg-x11-utils, p-cpe:/a:oracle:linux:libglvnd-opengl, p-cpe:/a:oracle:linux:mesa-libwayland-egl-devel, p-cpe:/a:oracle:linux:xorg-x11-xkb-utils-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-libinput-devel, p-cpe:/a:oracle:linux:mesa-libgl-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-libinput, p-cpe:/a:oracle:linux:libxres-devel, p-cpe:/a:oracle:linux:tigervnc, p-cpe:/a:oracle:linux:mesa-libxatracker-devel, p-cpe:/a:oracle:linux:libepoxy, p-cpe:/a:oracle:linux:libglvnd-glx, p-cpe:/a:oracle:linux:mesa-libgbm-devel, p-cpe:/a:oracle:linux:libglvnd-egl, p-cpe:/a:oracle:linux:mesa-libgles, p-cpe:/a:oracle:linux:egl-utils, p-cpe:/a:oracle:linux:mesa-libwayland-egl, p-cpe:/a:oracle:linux:intel-gpu-tools, p-cpe:/a:oracle:linux:mesa-libxatracker, p-cpe:/a:oracle:linux:xkeyboard-config, p-cpe:/a:oracle:linux:libxcursor, p-cpe:/a:oracle:linux:libdrm-devel, p-cpe:/a:oracle:linux:xorg-x11-server-xvfb, p-cpe:/a:oracle:linux:freeglut, p-cpe:/a:oracle:linux:libwacom-devel, p-cpe:/a:oracle:linux:mesa-demos, p-cpe:/a:oracle:linux:xorg-x11-proto-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-evdev-devel, p-cpe:/a:oracle:linux:libglvnd-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-intel, p-cpe:/a:oracle:linux:xorg-x11-server-xnest, p-cpe:/a:oracle:linux:libx11-common, p-cpe:/a:oracle:linux:mesa-vdpau-drivers, p-cpe:/a:oracle:linux:xorg-x11-drv-v4l, p-cpe:/a:oracle:linux:xorg-x11-server-common, p-cpe:/a:oracle:linux:tigervnc-license, p-cpe:/a:oracle:linux:xorg-x11-drv-vmmouse, p-cpe:/a:oracle:linux:mesa-libosmesa, p-cpe:/a:oracle:linux:xorg-x11-drv-dummy, p-cpe:/a:oracle:linux:xorg-x11-drv-vmware, 
p-cpe:/a:oracle:linux:xorg-x11-drv-mouse-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-qxl, p-cpe:/a:oracle:linux:libxfont, p-cpe:/a:oracle:linux:xorg-x11-drv-synaptics-devel, p-cpe:/a:oracle:linux:drm-utils, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:tigervnc-server-module, p-cpe:/a:oracle:linux:xorg-x11-server-xorg, p-cpe:/a:oracle:linux:xorg-x11-drv-mouse, p-cpe:/a:oracle:linux:libxcb, p-cpe:/a:oracle:linux:xcb-proto, p-cpe:/a:oracle:linux:xorg-x11-font-utils, p-cpe:/a:oracle:linux:xkeyboard-config-devel, p-cpe:/a:oracle:linux:libwacom-data, p-cpe:/a:oracle:linux:libxcb-devel, p-cpe:/a:oracle:linux:xorg-x11-xkb-extras, p-cpe:/a:oracle:linux:libglvnd-gles, p-cpe:/a:oracle:linux:tigervnc-server-minimal, p-cpe:/a:oracle:linux:mesa-libgles-devel, p-cpe:/a:oracle:linux:tigervnc-icons, p-cpe:/a:oracle:linux:tigervnc-server, p-cpe:/a:oracle:linux:xorg-x11-drv-wacom-devel, p-cpe:/a:oracle:linux:xorg-x11-server-xspice, p-cpe:/a:oracle:linux:xorg-x11-drv-evdev, p-cpe:/a:oracle:linux:freeglut-devel, p-cpe:/a:oracle:linux:tigervnc-server-applet, p-cpe:/a:oracle:linux:mesa-vulkan-drivers, p-cpe:/a:oracle:linux:mesa-libgl, p-cpe:/a:oracle:linux:libinput-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-openchrome, p-cpe:/a:oracle:linux:libxres, p-cpe:/a:oracle:linux:mesa-libosmesa-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-nouveau, p-cpe:/a:oracle:linux:libxcursor-devel, p-cpe:/a:oracle:linux:libx11-devel, p-cpe:/a:oracle:linux:mesa-dri-drivers, p-cpe:/a:oracle:linux:xorg-x11-drv-intel-devel, p-cpe:/a:oracle:linux:libxfont2-devel, p-cpe:/a:oracle:linux:libwacom, p-cpe:/a:oracle:linux:mesa-libgbm, p-cpe:/a:oracle:linux:xorg-x11-drv-vesa, p-cpe:/a:oracle:linux:xorg-x11-drv-wacom, p-cpe:/a:oracle:linux:glx-utils, p-cpe:/a:oracle:linux:libxcb-doc, p-cpe:/a:oracle:linux:libinput, p-cpe:/a:oracle:linux:xorg-x11-server-xephyr, p-cpe:/a:oracle:linux:libepoxy-devel, p-cpe:/a:oracle:linux:xorg-x11-drv-synaptics, p-cpe:/a:oracle:linux:vulkan-filesystem, p-cpe:/a:oracle:linux:libxfont2, 
p-cpe:/a:oracle:linux:libglvnd, p-cpe:/a:oracle:linux:libxfont-devel, p-cpe:/a:oracle:linux:vulkan, p-cpe:/a:oracle:linux:xorg-x11-xkb-utils, p-cpe:/a:oracle:linux:xorg-x11-server-xwayland, p-cpe:/a:oracle:linux:xorg-x11-drv-openchrome-devel, p-cpe:/a:oracle:linux:mesa-libegl-devel, p-cpe:/a:oracle:linux:xorg-x11-server-xdmx, p-cpe:/a:oracle:linux:mesa-libglapi, p-cpe:/a:oracle:linux:xorg-x11-server-devel, p-cpe:/a:oracle:linux:libx11

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2018

Vulnerability Publication Date: 8/1/2018

Reference Information

CVE: CVE-2015-9262