LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Low: xorg-x11-server on SL5.x i386/x86_64
From:	Patrick Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 21 Mar 2012 16:24:51 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (98 lines)

Synopsis:    Low: xorg-x11-server security and bug fix update
Issue Date:  2012-02-21
CVE Numbers: CVE-2011-4028


X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. 

* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.

* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. 

* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.

* Due to a double free operation, Xvfb (X virtual framebuffer) terminated
unexpectedly with a segmentation fault randomly when the last client
disconnected, that is when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. 

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. 

* Previously, when a client made a request bigger than 1/4th of the limit
advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. 

* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. 

* When installing Scientific Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Scientific Linux 5.8 kernel update. 

* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. 

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.

SL5:
  i386
     xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
     xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
  x86_64
     xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
     xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV