SCIENTIFIC-LINUX-ERRATA Archives

April 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Tue, 19 Apr 2011 10:22:55 -0500

* This security update applied a backported patch to fix a flaw in the
X server resource database utility, xrdb. While this patch resolved the
security issue, it also introduced an error in the macro expansion
mechanism. Consequent to this, an attempt to run the xrdb utility could
fail with the following messages written to standard error:

sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file

With this update, the underlying source code has been adapted to correct
the macro expansion mechanism, and the xrdb utility now works as expected.

Note that all running instances of the X.Org server must be restarted
for this update to take effect.

SL 5.x

        SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.2.src.rpm
        i386:
xorg-x11-server-utils-7.1-5.el5_6.2.i386.rpm
        x86_64:
xorg-x11-server-utils-7.1-5.el5_6.2.x86_64.rpm

SL 6.x

        SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.2.src.rpm
        i386:
xorg-x11-server-utils-7.4-15.el6_0.2.i686.rpm
        x86_64:
xorg-x11-server-utils-7.4-15.el6_0.2.x86_64.rpm

- Scientific Linux Development Team

On 04/12/2011 03:28 PM, Troy J Dawson wrote:
> Synopsis:	Moderate: xorg-x11-server-utils security update
> Issue date:	2011-04-11
> CVE Names:	CVE-2011-0465
>
> A flaw was found in the X.Org X server resource database utility, xrdb.
> Certain variables were not properly sanitized during the launch of a
> user's graphical session, which could possibly allow a remote attacker
> to execute arbitrary code with root privileges, if they were able to
> make the display manager execute xrdb with a specially-crafted X client
> hostname. For example, by configuring the hostname on the target system
> via a crafted DHCP reply, or by using the X Display Manager Control
> Protocol (XDMCP) to connect to that system from a host that has a
> special DNS name. (CVE-2011-0465)
>
> All running X.Org server instances must be restarted for this update to
> take effect.
>
> SL 5.x
>
>         SRPMS:
> xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
>         i386:
> xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
>         x86_64:
> xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
>
> SL 6.x
>
>         SRPMS:
> xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
>         i386:
> xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
>         x86_64:
> xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>
>
>


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________
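
One way to check a host against the builds named in the two announcements above, as an added example that is not part of the original messages or of the Scientific Linux tooling. The function names are hypothetical, the version comparison is a simplified numeric-field compare rather than rpm's own algorithm, and treating every build older than the first security build as vulnerable is an assumption.

```shell
#!/bin/sh
# Classify an installed xorg-x11-server-utils VERSION-RELEASE string against
# the two updates announced on this page:
#   *.1 builds: CVE-2011-0465 fixed, but xrdb macro expansion is broken
#   *.2 builds: CVE-2011-0465 fixed and macro expansion corrected

# ver_lt A B: succeed when A is older than B. Numeric fields are compared
# left to right; a missing field counts as older. Simplified (assumption),
# adequate for the el5/el6 strings handled here.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : -1
            yi = (i <= nb) ? y[i] + 0 : -1
            if (xi != yi) exit !(xi < yi)
        }
        exit 1   # equal versions are not "older"
    }'
}

# classify_xrdb_build VERSION-RELEASE
# Prints one of: vulnerable | regressed | fixed | unknown
classify_xrdb_build() {
    vr=$1
    case $vr in
        *.el5*) first=7.1-5.el5_6.1;  second=7.1-5.el5_6.2 ;;
        *.el6*) first=7.4-15.el6_0.1; second=7.4-15.el6_0.2 ;;
        *)      echo unknown; return 0 ;;   # not an SL 5.x / 6.x build
    esac
    if ver_lt "$vr" "$first"; then
        echo vulnerable      # predates the security update (assumed affected)
    elif ver_lt "$vr" "$second"; then
        echo regressed       # security fix present, xrdb may fail with sh errors
    else
        echo fixed
    fi
}

# On a real host the argument would come from the RPM database:
#   classify_xrdb_build "$(rpm -q --qf '%{VERSION}-%{RELEASE}' xorg-x11-server-utils)"
```

A result of "fixed" describes only the installed package; running X.Org server instances still need the restart the announcement calls for.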
