SUSE-SU-2013:1728-1: moderate: Security update for xorg-x11-server
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon Nov 18 10:04:10 MST 2013
SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:1728-1
Rating: moderate
References: #816813 #843652
Cross-References: CVE-2013-4396
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
xorg-x11-server was updated to fix the following security
issue:
* Fixed a security issue in which an authenticated X
client can cause an X server to use memory after it was
freed, potentially leading to crash and/or memory
corruption. (CVE-2013-4396, bnc#843652)
A non-security issues was also fixed:
* rfbAuthReenable is accessing rfbClient structure that
was in most cases already freed. It actually needs only
ScreenPtr, so pass it directly. (bnc#816813)
Security Issues:
* CVE-2013-4396
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-xorg-x11-Xvnc-8464
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-xorg-x11-Xvnc-8463
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-xorg-x11-Xvnc-8464
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-xorg-x11-Xvnc-8464
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-xorg-x11-Xvnc-8463
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-xorg-x11-Xvnc-8463
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-xorg-x11-Xvnc-8464
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-xorg-x11-Xvnc-8463
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
xorg-x11-server-sdk-7.4-27.83.2
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
xorg-x11-server-sdk-7.4-27.70.74.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
xorg-x11-Xvnc-7.4-27.83.2
xorg-x11-server-7.4-27.83.2
xorg-x11-server-extra-7.4-27.83.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
xorg-x11-Xvnc-7.4-27.83.2
xorg-x11-server-7.4-27.83.2
xorg-x11-server-extra-7.4-27.83.2
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
xorg-x11-Xvnc-7.4-27.70.74.1
xorg-x11-server-7.4-27.70.74.1
xorg-x11-server-extra-7.4-27.70.74.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
xorg-x11-Xvnc-7.4-27.70.74.1
xorg-x11-server-7.4-27.70.74.1
xorg-x11-server-extra-7.4-27.70.74.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
xorg-x11-Xvnc-7.4-27.83.2
xorg-x11-server-7.4-27.83.2
xorg-x11-server-extra-7.4-27.83.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
xorg-x11-Xvnc-7.4-27.70.74.1
xorg-x11-server-7.4-27.70.74.1
xorg-x11-server-extra-7.4-27.70.74.1
References:
http://support.novell.com/security/cve/CVE-2013-4396.html
https://bugzilla.novell.com/816813
https://bugzilla.novell.com/843652
http://download.novell.com/patch/finder/?keywords=0098e7907ae8d69a80b724c0249178f2
http://download.novell.com/patch/finder/?keywords=b9c1c2f8520eaee88ff048981bb42d0e
More information about the sle-updates
mailing list