Scientific Linux Security Update : xorg-x11-server on SL5.x, SL6.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A use-after-free flaw was found in the way the X.Org server handled
ImageText requests. A malicious, authorized client could use this flaw
to crash the X.Org server or, potentially, execute arbitrary code with
root privileges. (CVE-2013-4396)

Users of proprietary drivers may need to reinstall the driver after
applying this update. Some users have reported the inability to load X
without reloading the nVidia or the ATI drivers. You can use 'yum
reinstall' to easily reload drivers packaged in RPM format. RPMs for
many common drivers can be found at the ELRepo Project. You can easily
add the ELRepo Project's repository to your system with 'yum install
yum-conf-elrepo' on SL 6 systems. Any issues with ELRepo packages
should be directed to their mailing lists.

After installing the update, X must be restarted for the changes to
take full effect.

See also :

http://www.nessus.org/u?cd6f2997

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 70468

Bugtraq ID:

CVE ID: CVE-2013-4396