The following packages are being added to resolve an issue with conflicts:

i386:
  gnome-screensaver-2.28.3-18.el6.i686.rpm
x86_64:
  gnome-screensaver-2.28.3-18.el6.x86_64.rpm

On 07/09/2012 10:00 AM, Patrick Riehecky wrote:
> Synopsis:    Low: xorg-x11-server security and bug fix update
> Issue Date:  2012-06-20
> CVE Numbers: CVE-2011-4029
>              CVE-2011-4028
>
>
> X.Org is an open source implementation of the X Window System. It provides
> the basic low-level functionality that full-fledged graphical user
> interfaces are designed upon.
>
> A flaw was found in the way the X.Org server handled lock files. A local
> user with access to the system console could use this flaw to determine the
> existence of a file in a directory not accessible to the user, via a
> symbolic link attack. (CVE-2011-4028)
>
> A race condition was found in the way the X.Org server managed temporary
> lock files. A local attacker could use this flaw to perform a symbolic link
> attack, allowing them to make an arbitrary file world readable, leading to
> the disclosure of sensitive information. (CVE-2011-4029)
>
>
> This update also fixes the following bugs:
>
> * Prior to this update, the KDE Display Manager (KDM) could pass invalid
> 24bpp pixmap formats to the X server. As a consequence, the X server could
> unexpectedly abort. This update modifies the underlying code to pass the
> correct formats.
>
> * Prior to this update, absolute input devices, like the stylus of a
> graphic tablet, could become unresponsive in the right-most or bottom-most
> screen if the X server was configured as a multi-screen setup through
> multiple "Device" sections in the xorg.conf file. This update changes the
> screen crossing behavior so that absolute devices are always mapped across
> all screens.
>
> * Prior to this update, the misleading message "Session active, not
> inhibited, screen idle. If you see this test, your display server is broken
> and you should notify your distributor." could be displayed after resuming
> the system or re-enabling the display, and included a URL to an external
> web page. This update removes this message.
>
> * Prior to this update, the erroneous input handling code of the Xephyr
> server disabled screens on a screen crossing event. The focus was only on
> the screen where the mouse was located and only this screen was updated
> when the Xephyr nested X server was configured in a multi-screen setup.
> This update removes this code and Xephyr now correctly updates screens in
> multi-screen setups.
>
> * Prior to this update, raw events did not contain relative axis values. As
> a consequence, clients which relied on relative values for functioning did
> not behave as expected. This update sets the values to the original driver
> values instead of the already transformed values. Now, raw events contain
> relative axis values as expected.
>
> All users of xorg-x11-server are advised to upgrade to these updated
> packages, which correct these issues. All running X.Org server instances
> must be restarted for this update to take effect.
>
> SL6:
>   i386
>     xorg-x11-server-common-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-Xdmx-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-Xephyr-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-Xnest-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-Xorg-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-Xvfb-1.10.6-1.sl6.i686.rpm
>   noarch
>     xorg-x11-server-source-1.10.6-1.sl6.noarch.rpm
>   x86_64
>     xorg-x11-server-common-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-debuginfo-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>     xorg-x11-server-devel-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-Xdmx-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-Xephyr-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-Xnest-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-Xorg-1.10.6-1.sl6.x86_64.rpm
>     xorg-x11-server-Xvfb-1.10.6-1.sl6.x86_64.rpm
>
> - Scientific Linux Development Team

--
Pat Riehecky
Scientific Linux Developer
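
For readers auditing their own daemons for the class of lock-file symlink flaw the advisory describes, the following is an added example and not X.Org or Scientific Linux code: a generic hardened pattern for writing a PID lock file in a shared directory. The function name `write_lock_file` and the paths in `main` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not X.Org code): write our PID to `tmp`, then publish
 * it as `lock`. Returns 0 on success, -1 on failure. */
int write_lock_file(const char *tmp, const char *lock)
{
    char pid[16];
    struct stat st;
    int fd, len, saved;

    /* O_EXCL fails with EEXIST if anything, even a dangling symlink, already
     * sits at tmp; O_NOFOLLOW refuses a symlink as the final component. */
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Check the object we actually opened, not the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)
        goto fail;
    len = snprintf(pid, sizeof pid, "%10ld\n", (long)getpid());
    if (write(fd, pid, (size_t)len) != len)
        goto fail;
    /* Set the mode through the descriptor. A path-based chmod(tmp, ...) would
     * act on whatever the name resolves to at that instant. */
    if (fchmod(fd, 0444) != 0)
        goto fail;
    /* link() is atomic and fails with EEXIST if the lock is already held. */
    if (link(tmp, lock) != 0)
        goto fail;
    close(fd);
    unlink(tmp);
    return 0;
fail:
    saved = errno;
    close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}

int main(void)
{
    /* Constructed demo paths in the current directory. */
    return write_lock_file(".tX99-lock", ".X99-lock") == 0 ? 0 : 1;
}
```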