Mailinglist Archive: opensuse-updates (96 mails)

< Previous Next >
openSUSE-SU-2013:1177-1: moderate: update for xorg-x11-server
openSUSE Security Update: update for xorg-x11-server

Announcement ID: openSUSE-SU-2013:1177-1
Rating: moderate
References: #815583 #823410
Affected Products:
openSUSE 11.4

An update that contains security fixes can now be installed.


This xorg-x11-server update fixes a DoS vulnerability and
adds randr support.
- U_os-Reset-input-buffer-s-ignoreBytes-field.patch
* If a client sends a request larger than
maxBigRequestSize, the server is supposed to ignore it.
Before commit cf88363d, the server would simply disconnect
the client. After that commit, it attempts to gracefully
ignore the request by remembering how long the client
specified the request to be, and ignoring that many bytes.
However, if a client sends a BigReq header with a large
size and disconnects before actually sending the rest of
the specified request, the server will reuse the
ConnectionInput buffer without resetting the ignoreBytes
field. This makes the server ignore new X clients'
requests. This fixes that behavior by resetting the
ignoreBytes field when putting the ConnectionInput buffer
back on the FreeInputs list. (bnc#815583)

- u_xserver_xvfb-randr.patch
* Add randr support to Xvfb (bnc#823410)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-106

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.4 (i586 x86_64):



< Previous Next >
This Thread
  • No further messages