Paketname
x11-server
Datum
2013-10-28
Advisory ID
MDVSA-2013:260
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in
x11-server:

The fbComposite function in fbpict.c in the Render extension in the
X server in X.Org X11R7.1 allows remote authenticated users to cause
a denial of service (memory corruption and daemon crash) or possibly
execute arbitrary code via a crafted request, related to an incorrect
macro definition (CVE-2010-1166).

The LockServer function in os/utils.c in X.Org xserver before 1.11.2
allows local users to determine the existence of arbitrary files via a
symlink attack on a temporary lock file, which is handled differently
if the file exists (CVE-2011-4028).

The LockServer function in os/utils.c in X.Org xserver before 1.11.2
allows local users to change the permissions of arbitrary files to
444, read those files, and possibly cause a denial of service (removed
execution permission) via a symlink attack on a temporary lock file
(CVE-2011-4029).

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not
properly restrict access to input events when adding a new hot-plug
device, which might allow physically proximate attackers to obtain
sensitive information, as demonstrated by reading passwords from a tty
(CVE-2013-1940).

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure (CVE-2013-4396).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

MES5 i586

 a73aa283cf94400e0af0b11fc8a2a6b9  mes5/i586/x11-server-1.4.2-11.3mdvmes5.2.i586.rpm
 a65c8e58bd15175c8352da38a5721c43  mes5/i586/x11-server-common-1.4.2-11.3mdvmes5.2.i586.rpm
 d4398c247ed04a13a2d3f5c051dcee88  mes5/i586/x11-server-devel-1.4.2-11.3mdvmes5.2.i586.rpm
 29078fbf5bf33fef699c321d9c97ccc6  mes5/i586/x11-server-xdmx-1.4.2-11.3mdvmes5.2.i586.rpm
 a9d443ea9de2368373af2c347469fe42  mes5/i586/x11-server-xephyr-1.4.2-11.3mdvmes5.2.i586.rpm
 3b9f1956088c7e12a175765161144690  mes5/i586/x11-server-xfake-1.4.2-11.3mdvmes5.2.i586.rpm
 8135ba65d0b038423d27b4815c1b390b  mes5/i586/x11-server-xfbdev-1.4.2-11.3mdvmes5.2.i586.rpm
 c2f4b333fe7c6f9a2b30d6cc30984e0d  mes5/i586/x11-server-xnest-1.4.2-11.3mdvmes5.2.i586.rpm
 c76331eb74f237b911cb21787336f49b  mes5/i586/x11-server-xorg-1.4.2-11.3mdvmes5.2.i586.rpm
 f37f1f00901b0b59e95c71c86861a384  mes5/i586/x11-server-xsdl-1.4.2-11.3mdvmes5.2.i586.rpm
 727295af93352d079a60b3c1f92b5018  mes5/i586/x11-server-xvfb-1.4.2-11.3mdvmes5.2.i586.rpm
 ca3bd6b9d68e2116a5760e4ea8b9ff0c  mes5/i586/x11-server-xvnc-1.4.2-11.3mdvmes5.2.i586.rpm 
 c406dd6e75c04cbf78bbc0afe0618cdf  mes5/SRPMS/x11-server-1.4.2-11.3mdvmes5.2.src.rpm

MES5 x86_64

 00dff9eca0385261fcbb82cea561f2bc  mes5/x86_64/x11-server-1.4.2-11.3mdvmes5.2.x86_64.rpm
 3855173ec01c95f2ebfd97dfc768e166  mes5/x86_64/x11-server-common-1.4.2-11.3mdvmes5.2.x86_64.rpm
 a85befa24073def2a6df5e28c97ca58c  mes5/x86_64/x11-server-devel-1.4.2-11.3mdvmes5.2.x86_64.rpm
 17d1a36a63bd48fe003414b28f075572  mes5/x86_64/x11-server-xdmx-1.4.2-11.3mdvmes5.2.x86_64.rpm
 55826f5ea8d83e30e09338d5d11634a6  mes5/x86_64/x11-server-xephyr-1.4.2-11.3mdvmes5.2.x86_64.rpm
 4a6bd309659efa2cf5050747ac06728e  mes5/x86_64/x11-server-xfake-1.4.2-11.3mdvmes5.2.x86_64.rpm
 ead9ec3aca0b3920df94d5046444e5b8  mes5/x86_64/x11-server-xfbdev-1.4.2-11.3mdvmes5.2.x86_64.rpm
 8601ccbbe5ec8118a467049e2d126001  mes5/x86_64/x11-server-xnest-1.4.2-11.3mdvmes5.2.x86_64.rpm
 63054297d0b0c31fe6c5af9725cfced3  mes5/x86_64/x11-server-xorg-1.4.2-11.3mdvmes5.2.x86_64.rpm
 f17aff8621da91cb9c8794400f44f8c0  mes5/x86_64/x11-server-xsdl-1.4.2-11.3mdvmes5.2.x86_64.rpm
 eed4bc40b9a9cfa7b44ddc1d1c0f377f  mes5/x86_64/x11-server-xvfb-1.4.2-11.3mdvmes5.2.x86_64.rpm
 4bdd1d1dd6f8b4088f70257f599f5311  mes5/x86_64/x11-server-xvnc-1.4.2-11.3mdvmes5.2.x86_64.rpm 
 c406dd6e75c04cbf78bbc0afe0618cdf  mes5/SRPMS/x11-server-1.4.2-11.3mdvmes5.2.src.rpm

Referenzen