Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

SUSE 11 SP1: 2011:1300-1 Critical: Xserver Vulnerability Patches

suse
Calendar Grey December 2, 2011
Dist Suse Esm H88
Debian patch for wayland-server resolves critical vulnerabilities with precision. Apply suggested updates immediately.
An update that fixes two vulnerabilities is now available

Summary


Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3654979_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1292-1
Rating:             important
References:         #722944 
Cross-References:   CVE-2011-4028 CVE-2011-4029
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   This update fixes two security issues with the X server:

   * A local attacker could find out if a file exists by
   exploiting the way that Xorg creates its lock files.
   (CVE-2011-4028
    )
   * A non-root local user could set the read permission
   for all users on any file or directory. (CVE-2011-4029
    )

Indications:

   Please install this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-xorg-x11-Xvnc-5479

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-xorg-x11-Xvnc-5479

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-xorg-x11-Xvnc-5479

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-xorg-x11-Xvnc-5479

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.40.52.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.40.52.1
      xorg-x11-server-7.4-27.40.52.1
      xorg-x11-server-extra-7.4-27.40.52.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.40.52.1
      xorg-x11-server-7.4-27.40.52.1
      xorg-x11-server-extra-7.4-27.40.52.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.40.52.1
      xorg-x11-server-7.4-27.40.52.1
      xorg-x11-server-extra-7.4-27.40.52.1


References:

   https://www.suse.com/security/cve/CVE-2011-4028.html
   https://www.suse.com/security/cve/CVE-2011-4029.html

Topics%20covered

Topics Covered

security advisory security issue software update local exploit important SUSE xorg-x11-server

References

Severity
important
Lowest
Low
Medium
High
Critical


Warning: Undefined array key "block1" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3654979_c1d2d4f425d79c8c327f2b8603847ec6 on line 11

Topics%20covered

Topics Covered

security advisory security issue software update local exploit important SUSE xorg-x11-server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here