SCIENTIFIC-LINUX-ERRATA Archives

July 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 10 Jul 2012 09:03:30 -0500
The following packages are being added to resolve an issue with conflicts:

i386:
     gnome-screensaver-2.28.3-18.el6.i686.rpm

x86_64:
     gnome-screensaver-2.28.3-18.el6.x86_64.rpm


On 07/09/2012 10:00 AM, Patrick Riehecky wrote:
> Synopsis:    Low: xorg-x11-server security and bug fix update
> Issue Date:  2012-06-20
> CVE Numbers: CVE-2011-4029
>               CVE-2011-4028
>
>
> X.Org is an open source implementation of the X Window System. It provides
> the basic low-level functionality that full-fledged graphical user
> interfaces are designed upon.
>
> A flaw was found in the way the X.Org server handled lock files. A local
> user with access to the system console could use this flaw to determine the
> existence of a file in a directory not accessible to the user, via a
> symbolic link attack. (CVE-2011-4028)
>
> A race condition was found in the way the X.Org server managed temporary
> lock files. A local attacker could use this flaw to perform a symbolic link
> attack, allowing them to make an arbitrary file world readable, leading to
> the disclosure of sensitive information. (CVE-2011-4029)
>
>
> This update also fixes the following bugs:
>
> * Prior to this update, the KDE Display Manager (KDM) could pass invalid
> 24bpp pixmap formats to the X server. As a consequence, the X server could
> unexpectedly abort. This update modifies the underlying code to pass the
> correct formats.
>
> * Prior to this update, absolute input devices, like the stylus of a
> graphic tablet, could become unresponsive in the right-most or bottom-most
> screen if the X server was configured as a multi-screen setup through
> multiple "Device" sections in the xorg.conf file. This update changes the
> screen crossing behavior so that absolute devices are always mapped across
> all screens.
>
> * Prior to this update, the misleading message "Session active, not
> inhibited, screen idle. If you see this test, your display server is broken
> and you should notify your distributor." could be displayed after resuming
> the system or re-enabling the display, and included a URL to an external
> web page. This update removes this message.
>
> * Prior to this update, the erroneous input handling code of the Xephyr
> server disabled screens on a screen crossing event. The focus was only on
> the screen where the mouse was located and only this screen was updated
> when the Xephyr nested X server was configured in a multi-screen setup.
> This update removes this code and Xephyr now correctly updates screens in
> multi-screen setups.
>
> * Prior to this update, raw events did not contain relative axis values. As
> a consequence, clients which relied on relative values for functioning did
> not behave as expected. This update sets the values to the original driver
> values instead of the already transformed values. Now, raw events contain
> relative axis values as expected.
>
> All users of xorg-x11-server are advised to upgrade to these updated
> packages, which correct these issues. All running X.Org server instances
> must be restarted for this update to take effect.
>
> SL6:
>    i386
>       xorg-x11-server-common-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-Xdmx-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-Xephyr-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-Xnest-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-Xorg-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-Xvfb-1.10.6-1.sl6.i686.rpm
>    noarch
>       xorg-x11-server-source-1.10.6-1.sl6.noarch.rpm
>    x86_64
>       xorg-x11-server-common-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-debuginfo-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>       xorg-x11-server-devel-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-Xdmx-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-Xephyr-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-Xnest-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-Xorg-1.10.6-1.sl6.x86_64.rpm
>       xorg-x11-server-Xvfb-1.10.6-1.sl6.x86_64.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky
Scientific Linux Developer
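
The temporary lock file race described in the quoted advisory (CVE-2011-4029), shown as a general hardened pattern. This is an added example, not part of the original message and not the X.Org source or its patch. The names create_lock_file and mode_of and the paths passed to them are hypothetical.

```c
/* Added example; names are hypothetical, not taken from the X.Org source. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write pid to tmp_path, make it 0444, then publish it as lock_path.
 * Returns 0 on success, -1 on failure with errno set. */
int create_lock_file(const char *tmp_path, const char *lock_path, pid_t pid)
{
    char buf[32];
    int len, saved, ok;

    /* O_EXCL fails if anything, symlink included, already sits at tmp_path;
     * O_NOFOLLOW refuses a symlink in the final path component. */
    int fd = open(tmp_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;            /* not our file: do not unlink it */

    len = snprintf(buf, sizeof buf, "%10ld\n", (long)pid);
    /* Racy form: chmod(tmp_path, 0444) resolves the name a second time, so
     * a symlink swapped in after open() gets its target made readable.
     * fchmod() changes the inode this descriptor refers to, nothing else. */
    ok = write(fd, buf, (size_t)len) == len && fchmod(fd, 0444) == 0;
    saved = errno;
    close(fd);

    /* link() is atomic and fails with EEXIST when the lock is already held. */
    if (ok && link(tmp_path, lock_path) != 0) {
        saved = errno;
        ok = 0;
    }
    unlink(tmp_path);         /* removes the name itself, never a link target */
    errno = saved;
    return ok ? 0 : -1;
}

/* Permission bits of path without following a symlink, or -1 on error. */
int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

When a symlink already occupies the temporary name, the call fails and the file it points to keeps its mode; only a file the function created itself is ever made world readable.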
