Mailinglist Archive: opensuse-updates (96 mails)

< Previous Next >
openSUSE-SU-2013:1148-1: moderate: update for xorg-x11-server
openSUSE Security Update: update for xorg-x11-server
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1148-1
Rating: moderate
References: #815583 #823410
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This xorg-x11-server update fixes a DoS vulnerability and
adds randr support.
- U_os-Reset-input-buffer-s-ignoreBytes-field.patch
* If a client sends a request larger than
maxBigRequestSize, the server is supposed to ignore it.
Before commit cf88363d, the server would simply
disconnect the client. After that commit, it attempts
to gracefully ignore the request by remembering how
long the client specified the request to be, and
ignoring that many bytes. However, if a client sends a
BigReq header with a large size and disconnects before
actually sending the rest of the specified request, the
server will reuse the ConnectionInput buffer without
resetting the ignoreBytes field. This makes the server
ignore new X clients' requests. This fixes that
behavior by resetting the ignoreBytes field when
putting the ConnectionInput buffer back on the
FreeInputs list. (bnc#815583)

- u_xserver_xvfb-randr.patch
* Add randr support to Xvfb (bnc#823410)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-558

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-558

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

xorg-x11-server-7.6_1.13.2-1.9.1
xorg-x11-server-debuginfo-7.6_1.13.2-1.9.1
xorg-x11-server-debugsource-7.6_1.13.2-1.9.1
xorg-x11-server-extra-7.6_1.13.2-1.9.1
xorg-x11-server-extra-debuginfo-7.6_1.13.2-1.9.1
xorg-x11-server-sdk-7.6_1.13.2-1.9.1

- openSUSE 12.2 (i586 x86_64):

xorg-x11-Xvnc-7.6_1.12.3-1.33.1
xorg-x11-Xvnc-debuginfo-7.6_1.12.3-1.33.1
xorg-x11-server-7.6_1.12.3-1.33.1
xorg-x11-server-debuginfo-7.6_1.12.3-1.33.1
xorg-x11-server-debugsource-7.6_1.12.3-1.33.1
xorg-x11-server-extra-7.6_1.12.3-1.33.1
xorg-x11-server-extra-debuginfo-7.6_1.12.3-1.33.1
xorg-x11-server-sdk-7.6_1.12.3-1.33.1


References:

https://bugzilla.novell.com/815583
https://bugzilla.novell.com/823410


< Previous Next >
This Thread
  • No further messages