SUSE-SU-2013:0859-1: Security update for Xorg

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jun 4 17:04:10 MDT 2013


   SUSE Security Update: Security update for Xorg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0859-1
Rating:             low
References:         #787170 #813178 #813683 #814653 
Cross-References:   CVE-2013-1940
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes
   is now available.

Description:


   This update of xorg-x11-server fixes one security issue and
   two bugs.

   In some cases, input events are sent to X servers not
   currently the VT  owner, allowing a user to capture
   passwords. (CVE-2013-1940)

   Also the following bugs have been fixed:

   * A memory leak in cursor handling could slowly run the
   X server out of memory. (bnc#813178)
   * A memory leak in the X GE extension has been fixed
   that could have also run the X server out of memory
   (bnc#813683)
   * A CAPS lock issue in VNC has been fixed (bnc#787170)

   Security Issue reference:

   * CVE-2013-1940
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-Xvnc-7761

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.70.72.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1


References:

   http://support.novell.com/security/cve/CVE-2013-1940.html
   https://bugzilla.novell.com/787170
   https://bugzilla.novell.com/813178
   https://bugzilla.novell.com/813683
   https://bugzilla.novell.com/814653
   http://download.novell.com/patch/finder/?keywords=ee7d716a9cc2dd9dfba74c7d65aba753



More information about the sle-security-updates mailing list