SUSE-SU-2013:1728-1: moderate: Security update for xorg-x11-server

sle-security-updates at lists.suse.com
Mon Nov 18 10:04:10 MST 2013


   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1728-1
Rating:             moderate
References:         #816813 #843652 
Cross-References:   CVE-2013-4396
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum
   is now available.

Description:


   xorg-x11-server was updated to fix the following security
   issue:

   * Fixed a security issue in which an authenticated X
   client can cause an X server to use memory after it was
   freed, potentially leading to a crash and/or memory
   corruption. (CVE-2013-4396, bnc#843652)

   A non-security issue was also fixed:

   * rfbAuthReenable was accessing an rfbClient structure that
   was in most cases already freed. It actually needs only the
   ScreenPtr, so that is now passed directly. (bnc#816813)

   Security Issues:

   * CVE-2013-4396
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-xorg-x11-Xvnc-8464

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-Xvnc-8463

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-xorg-x11-Xvnc-8464

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-xorg-x11-Xvnc-8464

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-Xvnc-8463

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-Xvnc-8463

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-xorg-x11-Xvnc-8464

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-Xvnc-8463

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.83.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.70.74.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.83.2
      xorg-x11-server-7.4-27.83.2
      xorg-x11-server-extra-7.4-27.83.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.83.2
      xorg-x11-server-7.4-27.83.2
      xorg-x11-server-extra-7.4-27.83.2

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.74.1
      xorg-x11-server-7.4-27.70.74.1
      xorg-x11-server-extra-7.4-27.70.74.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.70.74.1
      xorg-x11-server-7.4-27.70.74.1
      xorg-x11-server-extra-7.4-27.70.74.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.83.2
      xorg-x11-server-7.4-27.83.2
      xorg-x11-server-extra-7.4-27.83.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.74.1
      xorg-x11-server-7.4-27.70.74.1
      xorg-x11-server-extra-7.4-27.70.74.1
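
   To confirm that a host carries the fixed builds after patching, the
   following added example (not part of the SUSE advisory) compares installed
   version-release strings against the fixed releases in the Package List
   above. The function names and the sample inventory are constructed for
   illustration, and the comparison handles numeric fields only.

```shell
#!/bin/sh
# Added example: helper names and the sample inventory are constructed.

# Fixed version-release per service pack, from the advisory's Package List.
fixed_for_sp() {
    case "$1" in
        SP3) echo "7.4-27.83.2" ;;
        SP2) echo "7.4-27.70.74.1" ;;
        *)   return 1 ;;
    esac
}

# ver_lt A B: succeed if A is older than B. Compares numeric fields split
# on '.' and '-' (enough for these releases; not full RPM comparison).
ver_lt() {
    a=$(echo "$1" | tr '.-' '  ')
    b=$(echo "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# unpatched SP: read "name version-release" lines on stdin, e.g. from
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' xorg-x11-server ...
# and print every advisory package older than the fixed release.
unpatched() {
    fixed=$(fixed_for_sp "$1") || { echo "unknown service pack: $1" >&2; return 2; }
    while read -r name vr; do
        case "$name" in
            xorg-x11-Xvnc|xorg-x11-server|xorg-x11-server-extra|xorg-x11-server-sdk)
                if ver_lt "$vr" "$fixed"; then echo "$name $vr < $fixed"; fi ;;
        esac
    done
}

# Constructed inventory: one package left at an older, made-up release.
sample_inventory() {
    printf '%s\n' "xorg-x11-server 7.4-27.83.2" \
                  "xorg-x11-Xvnc 7.4-27.81.1" \
                  "xorg-x11-server-extra 7.4-27.83.2"
}

sample_inventory | unpatched SP3
```

   Empty output means every listed package is at or above the fixed release
   for the given service pack.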


References:

   http://support.novell.com/security/cve/CVE-2013-4396.html
   https://bugzilla.novell.com/816813
   https://bugzilla.novell.com/843652
   http://download.novell.com/patch/finder/?keywords=0098e7907ae8d69a80b724c0249178f2
   http://download.novell.com/patch/finder/?keywords=b9c1c2f8520eaee88ff048981bb42d0e


