SuSE 11.1 Security Update : Xorg (SAT Patch Number 5294)

high Nessus Plugin ID 57139

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update for xorg-x11-server and xorg-x11-libs brings improved compatibility fixes and enhancements for X.org. The main feature is support for Multi monitor configurations with independent heads, which used to be supported with SUSE Linux Enterprise 10 (VGA Arbitration Support).

During update to Service Pack 1, the support for AppGroup Extension was removed from the X11 Server. This update fixes this regression and adds back the support. (bnc#709943)

Additionally this update fixes bugs in the AppGroup Extensions, which resulted in Xserver crashes. (bnc#716355)

It also fixes an issue with changing the mouse mode to absolute.
(bnc#704467)

It also fixes an issue with button release on non-core pointing devices. (bnc#698281)

In addition to that, multiple missing or incorrect bounds checking flaws were fixed in in GLX (CVE-2010-4818) and in the X Render Extension (CVE-2010-4819) were fixed, which could be used to crash the X server.

A regression in handling TWM was fixed as well. (bnc#709987)

Solution

Apply SAT patch number 5294.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=648287

https://bugzilla.novell.com/show_bug.cgi?id=648290

https://bugzilla.novell.com/show_bug.cgi?id=698281

https://bugzilla.novell.com/show_bug.cgi?id=704467

https://bugzilla.novell.com/show_bug.cgi?id=709943

https://bugzilla.novell.com/show_bug.cgi?id=709987

https://bugzilla.novell.com/show_bug.cgi?id=714677

https://bugzilla.novell.com/show_bug.cgi?id=716355

http://support.novell.com/security/cve/CVE-2010-4818.html

http://support.novell.com/security/cve/CVE-2010-4819.html

Plugin Details

Severity: High

ID: 57139

File Name: suse_11_xorg-x11-server-libs-111010.nasl

Version: 1.6

Type: local

Agent: unix

Published: 12/13/2011

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libpciaccess0, p-cpe:/a:novell:suse_linux:11:libpciaccess0-32bit, p-cpe:/a:novell:suse_linux:11:libpciaccess0-devel, p-cpe:/a:novell:suse_linux:11:xorg-x11-xvnc, p-cpe:/a:novell:suse_linux:11:xorg-x11-devel, p-cpe:/a:novell:suse_linux:11:xorg-x11-libs, p-cpe:/a:novell:suse_linux:11:xorg-x11-libs-32bit, p-cpe:/a:novell:suse_linux:11:xorg-x11-server, p-cpe:/a:novell:suse_linux:11:xorg-x11-server-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/10/2011

Reference Information

CVE: CVE-2010-4818, CVE-2010-4819