Date: 21 June 2012
References: ESB-2011.1075 ESB-2012.0208
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0588
Low: xorg-x11-server security and bug fix update
21 June 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xorg-x11-server
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Access Confidential Data -- Existing Account
Read-only Data Access -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2011-4029 CVE-2011-4028
Reference: ESB-2012.0208
ESB-2011.1075
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2012-0939.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running xorg-x11-server check for an updated version of the software
for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: xorg-x11-server security and bug fix update
Advisory ID: RHSA-2012:0939-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0939.html
Issue date: 2012-06-20
CVE Names: CVE-2011-4028 CVE-2011-4029
=====================================================================
1. Summary:
Updated xorg-x11-server packages that fix two security issues and several
bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
3. Description:
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)
A race condition was found in the way the X.Org server managed temporary
lock files. A local attacker could use this flaw to perform a symbolic link
attack, allowing them to make an arbitrary file world readable, leading to
the disclosure of sensitive information. (CVE-2011-4029)
Red Hat would like to thank the researcher with the nickname vladz for
reporting these issues.
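Both flaws above are instances of the same class: the server performed path-based operations (a permission change, an existence check) on a lock file in a directory that other local users can write to, so a symbolic link placed at the lock's name could redirect that operation to a file the user could not otherwise reach. The function below is an added example, not code from the X.Org server or from Red Hat, of the pattern that closes that class: create the file with O_CREAT|O_EXCL|O_NOFOLLOW, inspect the result with fstat on the descriptor, and set its permissions with fchmod on the same descriptor, so that no second path lookup ever happens. It assumes a POSIX system; the lock name ".X0-lock" and the 0444 mode are illustrative choices, and run_checks() exercises the routine in a scratch directory so the behaviour on a pre-existing symlink can be verified.

```python
import errno
import os
import stat
import tempfile

# Added example (not X.Org or Red Hat code): create a lock file without any
# path-based operation after creation, so a symbolic link swapped in at the
# lock's name cannot redirect a chmod or an existence check.
# Assumes a POSIX system with O_NOFOLLOW.

LOCK_MODE = 0o444  # assumption: a world-readable pid lock, X-style


def create_lock_file(path, mode=LOCK_MODE):
    """Create `path` as a fresh regular file owned by us and return the path.

    Returns None when the name is already taken (another process holds the
    lock, or a file or symlink already sits there) without revealing what
    that name points to.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        # O_EXCL fails with EEXIST if anything, a symlink included, already
        # exists at `path`; O_NOFOLLOW covers the same case a second way.
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return None
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            return None
        raise
    try:
        st = os.fstat(fd)  # inspect the object we actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            return None
        os.write(fd, b"%10d\n" % os.getpid())
        # The race in the advisory was a chmod by path after creation; fchmod
        # acts on the descriptor, so there is no second lookup to redirect.
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
    return path


def lock_file_mode(path):
    """Permission bits of `path` itself (lstat: symlinks are not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def run_checks():
    """Exercise the routine in a scratch directory and return the outcomes:
    first creation, a second attempt on a taken name, and a name that is
    already a symlink to a private file (which must stay 0600)."""
    scratch = tempfile.mkdtemp()
    lock = os.path.join(scratch, ".X0-lock")    # assumed name, not a live server's
    private = os.path.join(scratch, "private")  # constructed 0600 file
    with open(private, "w") as fh:
        fh.write("not for others\n")
    os.chmod(private, 0o600)
    out = {}
    out["first"] = create_lock_file(lock) == lock
    out["mode"] = lock_file_mode(lock)
    out["second"] = create_lock_file(lock)      # name taken -> None
    os.unlink(lock)
    os.symlink(private, lock)                   # name already a symlink
    out["symlinked"] = create_lock_file(lock)   # refused -> None
    out["private_mode"] = stat.S_IMODE(os.stat(private).st_mode)
    return out


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(key, oct(value) if isinstance(value, int) and key.endswith("mode") else value)
```

The check that matters for CVE-2011-4029 is the last one: with the descriptor-based sequence, a symlink at the lock's name causes the open to fail outright, and the private file keeps its 0600 bits. Returning the same None for "lock held" and "something else is there" is what keeps CVE-2011-4028's existence disclosure closed as well.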
This update also fixes the following bugs:
* Prior to this update, the KDE Display Manager (KDM) could pass invalid
24bpp pixmap formats to the X server. As a consequence, the X server could
unexpectedly abort. This update modifies the underlying code to pass the
correct formats. (BZ#651934, BZ#722860)
* Prior to this update, absolute input devices, like the stylus of a
graphic tablet, could become unresponsive in the right-most or bottom-most
screen if the X server was configured as a multi-screen setup through
multiple "Device" sections in the xorg.conf file. This update changes the
screen crossing behavior so that absolute devices are always mapped across
all screens. (BZ#732467)
* Prior to this update, the misleading message "Session active, not
inhibited, screen idle. If you see this test, your display server is broken
and you should notify your distributor." could be displayed after resuming
the system or re-enabling the display, and included a URL to an external
web page. This update removes this message. (BZ#748704)
* Prior to this update, the erroneous input handling code of the Xephyr
server disabled screens on a screen crossing event. The focus was only on
the screen where the mouse was located and only this screen was updated
when the Xephyr nested X server was configured in a multi-screen setup.
This update removes this code and Xephyr now correctly updates screens in
multi-screen setups. (BZ#757792)
* Prior to this update, raw events did not contain relative axis values. As
a consequence, clients which relied on relative values for functioning did
not behave as expected. This update sets the values to the original driver
values instead of the already transformed values. Now, raw events contain
relative axis values as expected. (BZ#805377)
All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
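After applying the update, confirm that the installed packages are at or above the fixed build from section 6, xorg-x11-server-1.10.6-1.el6. The script below is an added example, not a Red Hat tool: it parses the output of "rpm -q <packages>" (a constructed sample is embedded; it is not output from a real host) and compares each version-release against the fixed one using a simplified form of rpm's own segment-by-segment comparison, which is sufficient for the plain numeric and "el6" segments in these package names (epochs, tildes and carets are not handled). Per the advisory, a fixed package on disk is necessary but not sufficient: running X.Org server instances still have to be restarted.

```python
import re

# Added example, not a Red Hat tool. Fixed build taken from section 6 of the
# advisory: every package in this update comes from
# xorg-x11-server-1.10.6-1.el6.src.rpm (no epoch, so none is compared).
FIXED_VERSION = "1.10.6"
FIXED_RELEASE = "1.el6"

# Constructed sample of `rpm -q xorg-x11-server-Xorg xorg-x11-server-common
# xorg-x11-server-Xephyr xorg-x11-server-Xdmx` output; not from a real host.
SAMPLE_RPM_Q = """\
xorg-x11-server-Xorg-1.10.4-6.el6.x86_64
xorg-x11-server-common-1.10.6-1.el6.x86_64
xorg-x11-server-Xephyr-1.10.6-1.el6_2.1.x86_64
package xorg-x11-server-Xdmx is not installed
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
_NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: split on non-alphanumerics and compare segment
    by segment. Numeric segments compare as integers, alphabetic ones as
    strings, a numeric segment sorts after an alphabetic one, and when all
    shared segments match the longer string is newer. Returns -1, 0 or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nvra(line):
    """Split 'name-version-release.arch' into its parts, or return None."""
    m = _NVRA.match(line.strip())
    return m.groupdict() if m else None


def is_fixed(version, release):
    """True if version-release is at or above the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 if c != 0 else rpmvercmp(release, FIXED_RELEASE) >= 0


def audit(rpm_q_output):
    """Map each package name in `rpm -q` output to 'fixed', 'vulnerable',
    'not installed' or 'unparsed'."""
    status = {}
    for line in rpm_q_output.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("package ") and line.endswith("is not installed"):
            status[line.split()[1]] = "not installed"
            continue
        parts = parse_nvra(line)
        if parts is None:
            status[line] = "unparsed"
            continue
        status[parts["name"]] = "fixed" if is_fixed(parts["ver"], parts["rel"]) else "vulnerable"
    return status


if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE_RPM_Q).items()):
        print(f"{name:32s} {state}")
```

On a real host, feed the script the output of rpm -q for the binary packages listed in section 6 that are installed on that system; a later errata build such as the constructed 1.10.6-1.el6_2.1 line is correctly reported as fixed because its release sorts after 1.el6.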
5. Bugs fixed (http://bugzilla.redhat.com/):
732467 - Pointer gets stuck on right-most screen
745024 - CVE-2011-4029 xorg-x11-server: lock file chmod change race condition
745755 - CVE-2011-4028 xorg-x11-server: File existence disclosure vulnerability
748704 - "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor."
805377 - Regression: raw events do not contain relative values
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm
xorg-x11-server-common-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
x86_64:
xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
noarch:
xorg-x11-server-source-1.10.6-1.el6.noarch.rpm
x86_64:
xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
noarch:
xorg-x11-server-source-1.10.6-1.el6.noarch.rpm
x86_64:
xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm
xorg-x11-server-common-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
ppc64:
xorg-x11-server-Xephyr-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-common-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm
s390x:
xorg-x11-server-Xephyr-1.10.6-1.el6.s390x.rpm
xorg-x11-server-common-1.10.6-1.el6.s390x.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm
x86_64:
xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
noarch:
xorg-x11-server-source-1.10.6-1.el6.noarch.rpm
ppc64:
xorg-x11-server-Xdmx-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.ppc.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm
xorg-x11-server-devel-1.10.6-1.el6.ppc.rpm
xorg-x11-server-devel-1.10.6-1.el6.ppc64.rpm
s390x:
xorg-x11-server-Xdmx-1.10.6-1.el6.s390x.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.s390x.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.s390x.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm
x86_64:
xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm
xorg-x11-server-common-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
x86_64:
xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xorg-x11-server-1.10.6-1.el6.src.rpm
i386:
xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
noarch:
xorg-x11-server-source-1.10.6-1.el6.noarch.rpm
x86_64:
xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm
xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm
xorg-x11-server-devel-1.10.6-1.el6.i686.rpm
xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-4028.html
https://www.redhat.com/security/data/cve/CVE-2011-4029.html
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP4ZhjXlSAg2UNWIIRAir0AJ9sHey+kq1VKcjWOVTayWXlMxoMTwCdEnl0
aGxVQ3Zeu4DOVNqsul/Nulo=
=US1w
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=VmZ8
-----END PGP SIGNATURE-----