SUSE-SU-2012:0644-1: moderate: Security update for xorg-x11-server-rdp

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri May 25 16:08:28 MDT 2012


   SUSE Security Update: Security update for xorg-x11-server-rdp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0644-1
Rating:             moderate
References:         #746949 
Cross-References:   CVE-2010-2240 CVE-2011-4028 CVE-2011-4029
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This update of xorg-x11-server-rdp fixed the following
   security issues:

   CVE-2010-2240 - memory exhaustion flaw CVE-2011-4028 /
   CVE-2011-4029 - race  condition flaw

   Security Issues:

   * CVE-2010-2240
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240
   >
   * CVE-2011-4028
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4028
   >
   * CVE-2011-4029
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4029
   >

Contraindications:



Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-xorg-x11-server-dmx-6112

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-xorg-x11-server-dmx-6112

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-xorg-x11-server-dmx-6112 sledsp2-xorg-x11-server-rdp-6111

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-xorg-x11-server-dmx-6112

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1
      xorg-x11-server-rdp-7.3.99-3.18.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      xorg-x11-server-dmx-7.3.99-17.11.1


References:

   http://support.novell.com/security/cve/CVE-2010-2240.html
   http://support.novell.com/security/cve/CVE-2011-4028.html
   http://support.novell.com/security/cve/CVE-2011-4029.html
   https://bugzilla.novell.com/746949
   http://download.novell.com/patch/finder/?keywords=5ee149ba2fc8b7892f29b4e9d1937da4
   http://download.novell.com/patch/finder/?keywords=c81bcbcc5f759c9ce82783eef07688a8



More information about the sle-security-updates mailing list