Security update for xorg-x11-server
SUSE Security Update: Security update for xorg-x11-server
This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package.
The following security issues have been fixed:
* CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in
render/picture.h in X.Org allowed context-dependent attackers to
cause a denial of service (crash) via a negative bottom value.
* CVE-2013-4396: Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4
in X.Org X11 allowed remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
crafted ImageText request that triggers memory-allocation failure.
* CVE-2013-1940: X.Org X server did not properly restrict access to
input events when adding a new hot-plug device, which might have
allowed physically proximate attackers to obtain sensitive
information, as demonstrated by reading passwords from a tty.
The following non-security issues have been fixed:
* rfbAuthReenable is accessing rfbClient structure that was in most
cases already freed. It actually needs only ScreenPtr, so pass it
directly. (bnc#816813)
* Memory leaks in ARGB cursor handling. (bnc#813178, bnc#813683)
Security Issues:
* CVE-2013-1940
* CVE-2013-4396
* CVE-2013-6424
| Announcement ID: | SUSE-SU-2014:0744-1 |
| Rating: | moderate |
| References: | #813178 #813683 #814653 #816813 #843652 #853846 |
| Affected Products: |
An update that solves three vulnerabilities and has three fixes is now available.
Description:
This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package.
The following security issues have been fixed:
* CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in
render/picture.h in X.Org allowed context-dependent attackers to
cause a denial of service (crash) via a negative bottom value.
* CVE-2013-4396: Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4
in X.Org X11 allowed remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
crafted ImageText request that triggers memory-allocation failure.
* CVE-2013-1940: X.Org X server did not properly restrict access to
input events when adding a new hot-plug device, which might have
allowed physically proximate attackers to obtain sensitive
information, as demonstrated by reading passwords from a tty.
The following non-security issues have been fixed:
* rfbAuthReenable is accessing rfbClient structure that was in most
cases already freed. It actually needs only ScreenPtr, so pass it
directly. (bnc#816813)
* Memory leaks in ARGB cursor handling. (bnc#813178, bnc#813683)
Security Issues:
* CVE-2013-1940
* CVE-2013-4396
* CVE-2013-6424
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-xorg-x11-Xvnc-9126
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
- xorg-x11-Xvnc-7.4-27.40.70.1
- xorg-x11-server-7.4-27.40.70.1
- xorg-x11-server-extra-7.4-27.40.70.1
References:
- http://support.novell.com/security/cve/CVE-2013-1940.html
- http://support.novell.com/security/cve/CVE-2013-4396.html
- http://support.novell.com/security/cve/CVE-2013-6424.html
- https://bugzilla.novell.com/813178
- https://bugzilla.novell.com/813683
- https://bugzilla.novell.com/814653
- https://bugzilla.novell.com/816813
- https://bugzilla.novell.com/843652
- https://bugzilla.novell.com/853846
- http://download.suse.com/patch/finder/?keywords=ba40d48b0976dd6e6e280de949ecbe09