Low CentOS xorg-x11-apps Update

Metadata

medium
6.9
xorg-x11-apps-7.6-6.el6.i686.rpm, xorg-x11-apps-7.6-6.el6.src.rpm, xorg-x11-apps-7.6-6.el6.x86_64.rpm, xorg-x11-server-utils-7.5-13.el6.i686.rpm, xorg-x11-server-utils-7.5-13.el6.src.rpm, xorg-x11-server-utils-7.5-13.el6.x86_64.rpm, xorg-x11-utils-7.5-6.el6.i686.rpm, xorg-x11-utils-7.5-6.el6.src.rpm, xorg-x11-utils-7.5-6.el6.x86_64.rpm
CVE-2011-2504
rhn.redhat.com, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org
2013-03-09
2017-07-27 19:04
CVE-2011-2504 x11-apps
CVE-2011-2504
2017-04-01 19:06
2017-01-05 20:10

Description


Updated core client packages for the X Window System that fix one security
issue, several bugs, and add various enhancements are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Core X11 clients packages provide the xorg-x11-utils,
xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X
Window System.

It was found that the x11perfcomp utility included the current working
directory in its PATH environment variable. Running x11perfcomp in an
attacker-controlled directory would cause arbitrary code execution with
the privileges of the user running x11perfcomp. (CVE-2011-2504)
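
The check below is an added example, not code from the advisory or from the X.Org packages: a shell function that flags PATH entries resolved against the current working directory, the condition CVE-2011-2504 describes. The function name path_cwd_entries and the sample PATH values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PATH entries that make command lookup depend on the
# current working directory. Function name and sample values are constructed.

# Prints one line per unsafe entry; returns 1 if any were found, else 0.
path_cwd_entries() {
    _rest="$1:"        # sentinel colon so the final field is also examined
    _idx=0
    _found=0
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}     # text before the first colon
        _rest=${_rest#*:}       # everything after that colon
        _idx=$((_idx + 1))
        case $_entry in
            '') echo "entry $_idx: empty (treated as current directory)"
                _found=1 ;;
            /*) ;;              # absolute path: lookup does not depend on cwd
            *)  echo "entry $_idx: '$_entry' is relative to the current directory"
                _found=1 ;;
        esac
    done
    return "$_found"
}

# Constructed samples: one clean PATH, then the ways cwd ends up in PATH
# (explicit ".", trailing colon, doubled colon, relative directory).
for _sample in "/usr/bin:/bin" ".:/usr/bin" "/usr/bin:" "/usr/bin::/bin" "bin:/usr/bin"; do
    if _report=$(path_cwd_entries "$_sample"); then
        echo "ok      $_sample"
    else
        echo "UNSAFE  $_sample"
        echo "$_report" | sed 's/^/          /'
    fi
done
```

Run against "$PATH" in a login shell, or against the value a wrapper script assigns to PATH, a non-zero return means some command lookups depend on the directory the user happens to be in.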

Also with this update, the xorg-x11-utils and xorg-x11-server-utils
packages have been upgraded to upstream version 7.5, and the xorg-x11-apps
package to upstream version 7.6, which provides a number of bug fixes and
enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are
advised to upgrade to these updated packages, which fix these issues and
add these enhancements.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.


Affected package information

Release  Package                Patched in
6        xorg-x11-apps          xorg-x11-apps-7.6-6.el6.i686.rpm
6        xorg-x11-apps          xorg-x11-apps-7.6-6.el6.src.rpm
6        xorg-x11-apps          xorg-x11-apps-7.6-6.el6.x86_64.rpm
6        xorg-x11-server-utils  xorg-x11-server-utils-7.5-13.el6.i686.rpm
6        xorg-x11-server-utils  xorg-x11-server-utils-7.5-13.el6.src.rpm
6        xorg-x11-server-utils  xorg-x11-server-utils-7.5-13.el6.x86_64.rpm
6        xorg-x11-utils         xorg-x11-utils-7.5-6.el6.i686.rpm
6        xorg-x11-utils         xorg-x11-utils-7.5-6.el6.src.rpm
6        xorg-x11-utils         xorg-x11-utils-7.5-6.el6.x86_64.rpm