Oval Definition:oval:com.redhat.rhsa:def:20130502
Revision Date:2013-02-21Version:642
Title:RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)
Description:The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System.

  • It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-controlled directory would cause arbitrary code execution with the privileges of the user running x11perfcomp. (CVE-2011-2504)

  • Also with this update, the xorg-x11-utils and xorg-x11-server-utils packages have been upgraded to upstream version 7.5, and the xorg-x11-apps package to upstream version 7.6, which provides a number of bug fixes and enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

    All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-2504
    CVE-2011-2504
    RHSA-2013:0502
    RHSA-2013:0502-02
    RHSA-2013:0502-02
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • xorg-x11-utils is earlier than 0:7.5-6.el6
  • AND xorg-x11-utils is signed with Red Hat redhatrelease2 key
  • xorg-x11-server-utils is earlier than 0:7.5-13.el6
  • AND xorg-x11-server-utils is signed with Red Hat redhatrelease2 key
  • xorg-x11-apps is earlier than 0:7.6-6.el6
  • AND xorg-x11-apps is signed with Red Hat redhatrelease2 key
    • BACK