Synopsis: Moderate: xorg-x11-server-utils security update Issue date: 2011-04-11 CVE Names: CVE-2011-0465 A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were not properly sanitized during the launch of a user's graphical session, which could possibly allow a remote attacker to execute arbitrary code with root privileges, if they were able to make the display manager execute xrdb with a specially-crafted X client hostname. For example, by configuring the hostname on the target system via a crafted DHCP reply, or by using the X Display Manager Control Protocol (XDMCP) to connect to that system from a host that has a special DNS name. (CVE-2011-0465) All running X.Org server instances must be restarted for this update to take effect. SL 5.x SRPMS: xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm i386: xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm x86_64: xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm SL 6.x SRPMS: xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm i386: xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm x86_64: xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson