openSUSE Security Update: xorg-x11-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0227-1 Rating: important References: #722944 Cross-References: CVE-2011-4028 CVE-2011-4029 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read permission for all users on any file or directory. Special Instructions and Notes: Please reboot the system after installing this update.This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch xorg-x11-Xvnc-5490 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): xorg-x11-Xvnc-7.5_1.8.0-10.15.2 xorg-x11-server-7.5_1.8.0-10.15.2 xorg-x11-server-extra-7.5_1.8.0-10.15.2 xorg-x11-server-sdk-7.5_1.8.0-10.15.2 References: http://support.novell.com/security/cve/CVE-2011-4028.html http://support.novell.com/security/cve/CVE-2011-4029.html https://bugzilla.novell.com/722944 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org