{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Xfree86 4.6.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Xfree86 4.4.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Xfree86 4.1.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"X Window System 11 (X11) 7.X.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Xfree86 4.2.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"X Window System 11 (X11) 6.X ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Xfree86 4.3.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Xfree86 4.5.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans X.org. Ces vuln\u00e9rabilit\u00e9s\nsont dues \u00e0 une erreur dans le traitement des entr\u00e9es des fonctions\nProcRenderAddGlyphs(), ProcDbeSwapBuffers() et ProcDbeGetVisualInfo().\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un utilisateur\nmalintentionn\u00e9 afin d'obtenir les privil\u00e8ges de l'utilisateur sous\nlequel est lanc\u00e9 le serveur X (en g\u00e9n\u00e9ral, root).\n\nUn syst\u00e8me ne pr\u00e9sente ces vuln\u00e9rabilit\u00e9s que s'il est configur\u00e9 avec\nles extensions DBE et Render (l'extension Render est install\u00e9e par\nd\u00e9faut).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l'obtention des\ncorrectifs, ou installer la version 7.2RC3 du serveur X.org (cf. section\nDocumentation).\n","cves":[{"name":"CVE-2006-6101","url":"https://www.cve.org/CVERecord?id=CVE-2006-6101"},{"name":"CVE-2006-6103","url":"https://www.cve.org/CVERecord?id=CVE-2006-6103"},{"name":"CVE-2006-6102","url":"https://www.cve.org/CVERecord?id=CVE-2006-6102"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1249 du 15 janvier 2007 :","url":"http://www.us.debian.org/security/2007/dsa-1249"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007-005 du 09 janvier    2007 :","url":"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007-005"},{"title":"Bulletin de s\u00e9curit\u00e9 Suse SUSE-SA:2007:008 du 12 janvier    2007 :","url":"http://support.novell.com/techcenter/pdsb/380666439b7217bd698fe6e5213851c.html"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0003 du 10 janvier    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0003.html"},{"title":"Bulletin de s\u00e9curit\u00e9 iDefense du 09 janvier 2007 :","url":"http://www.idefense.com/application/poi/display?id=463"},{"title":"Bulletin de s\u00e9curit\u00e9 iDefense du 09 janvier 2007 :","url":"http://www.idefense.com/application/poi/display?id=465"},{"title":"Bulletin de s\u00e9curit\u00e9 iDefense du 09 janvier 2007 :","url":"http://www.idefense.com/application/poi/display?id=464"},{"title":"Bulletin de s\u00e9curit\u00e9 de HP HPSPBUX02225 du 12 juin 2007 :","url":"http://h20000.www.2.hp.com/bizsupport/techSupport/Document.jsp?objectID=c01075678"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200701-25 du 27 janvier    2007 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200701-25.xml"}],"reference":"CERTA-2007-AVI-025","revisions":[{"description":"version initiale.","revision_date":"2007-01-10T00:00:00.000000"},{"description":"syst\u00e8mes affect\u00e9s et r\u00e9f\u00e9rence Suse.","revision_date":"2007-01-15T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et Debian.","revision_date":"2007-01-30T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin HP.","revision_date":"2007-06-19T00:00:00.000000"}],"risks":[{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans X.org. Ces\nvuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es afin d'obtenir une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s de X.org","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 iDefense 463 \u00e0 465","url":null}]}