===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0208
             Low: xorg-x11-server security and bug fix update
                             22 February 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xorg-x11-server
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 5
                   Red Hat Enterprise Linux WS/Desktop 5
Impact/Access:     Reduced Security -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-4028  

Reference:         ESB-2011.1075

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2012-0303.html

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: xorg-x11-server security and bug fix update
Advisory ID:       RHSA-2012:0303-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0303.html
Issue date:        2012-02-21
Keywords:          fbdev installer
CVE Names:         CVE-2011-4028 
=====================================================================

1. Summary:

Updated xorg-x11-server packages that fix one security issue and various
bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)

* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)

* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)

* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)

* Due to a double free, Xvfb (X virtual framebuffer) intermittently terminated
unexpectedly with a segmentation fault when the last client disconnected,
that is, when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)

* Previously, when a client made a request larger than one quarter of the
limit advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, fixing
this bug. (BZ#555000)

* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)

* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)

* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.
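The fixed build listed in the Package List below is xorg-x11-server-1.1.1-48.90.el5. The Python below is an added example, not part of the Red Hat or AusCERT text: it decides whether an installed subpackage's name-version-release string (the form `rpm -q` prints) is at or above that build, using a simplified port of rpm's rpmvercmp segment comparison so that, for instance, a release 48.100.el5 ranks above 48.90.el5 where a plain string comparison would rank it below. It assumes the package carries no epoch; the sample lines are constructed.

```python
import re
# Fixed build named in this advisory (no epoch is assumed): 1.1.1-48.90.el5
FIXED_VERSION, FIXED_RELEASE = "1.1.1", "48.90.el5"
_SEG = re.compile(r"[0-9]+|[A-Za-z]+|~")  # digit run, letter run, or '~' marker

def rpmvercmp(a: str, b: str) -> int:
    """Simplified port of rpm's rpmvercmp (-1, 0 or 1): separators are ignored,
    numeric segments beat alphabetic ones, and '~' sorts before anything."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):          # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer_is_a = len(sa) > len(sb)
    nxt = (sa if longer_is_a else sb)[min(len(sa), len(sb))]
    if nxt == "~":                        # a trailing '~' segment sorts older
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1

def parse_nvr(nvr: str):
    """Split 'name-version-release' (as printed by rpm -q) at the last two dashes."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(nvr: str) -> bool:
    """True when an installed xorg-x11-server subpackage is at or above the fixed build."""
    name, version, release = parse_nvr(nvr)
    if not name.startswith("xorg-x11-server"):
        raise ValueError("not an xorg-x11-server package: " + nvr)
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return cmp >= 0

# Constructed sample of `rpm -q` output; the last entry is a hypothetical later build.
SAMPLE = ["xorg-x11-server-Xorg-1.1.1-48.76.el5_5.2",
          "xorg-x11-server-Xorg-1.1.1-48.90.el5",
          "xorg-x11-server-Xvfb-1.1.1-48.100.el5"]
```

Run `is_patched` over the output of `rpm -q xorg-x11-server-Xorg` (and the other installed subpackages) on each RHEL 5 host; any False result is a host still exposed to CVE-2011-4028.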

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

454409 - Xephyr ends with Segmentation fault
529717 - [RHEL5] HP DC5850: mice get stuck on left edge (X11 acceleration overflow?)
555000 - Using BIG-REQUESTS cause XIO and connection close
559964 - Pointer confined to one monitor with r500 in zaphod mode
588346 - XineramaQueryScreens() from an X client on a big endian machine cause the Xserver to crash
649810 - Integer overflow for dashed lines longer than 46340
676270 - Xserver segfaults in miwindow.c when backing store is enabled
745755 - CVE-2011-4028 xorg-x11, xorg-x11-server: File existence disclosure vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm

x86_64:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xorg-x11-server-1.1.1-48.90.el5.src.rpm

i386:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm

ia64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ia64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.ia64.rpm

ppc:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ppc.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.ppc.rpm

s390x:
xorg-x11-server-Xephyr-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.s390x.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.s390x.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4028.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================