| Revision Date: | 2014-09-08 | Version: | 4 |
| Title: | SUSE-SU-2014:0744-1 -- Security update for xorg-x11-server |
| Description: | This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package. The following security issues have been fixed: * CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allowed context-dependent attackers to cause a denial of service (crash) via a negative bottom value. * CVE-2013-4396: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allowed remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. * CVE-2013-1940: X.Org X server did not properly restrict access to input events when adding a new hot-plug device, which might have allowed physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 SUSE-SU-2014:0744-1 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | xorg-x11-server |
| Definition Synopsis |
| SUSE Linux Enterprise Server 11.x is installed AND Packages match section: xorg-x11-Xvnc RPM is earlier than 0:7.4-27.40.70.1 OR xorg-x11-server RPM is earlier than 0:7.4-27.40.70.1 OR xorg-x11-server-extra RPM is earlier than 0:7.4-27.40.70.1 |