Scientific Linux Security Update : xorg-x11-server on SL6.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

A flaw was found in the way the X.org X11 server registered new
hot-plugged devices. If a local user switched to a different session and
plugged in a new device, input from that device could become available
in the previous session, possibly leading to information disclosure.
(CVE-2013-1940)

This update also fixes the following bugs :

- A previous upstream patch modified the Xephyr X server
to be resizeable; however, it did not enable the resize
functionality by default. As a consequence, X sandboxes
were not resizeable on Scientific Linux 6.4 and later.
This update enables the resize functionality by default
so that X sandboxes can now be resized as expected.

- In Scientific Linux 6, the X Security extension
(XC-SECURITY) has been disabled and replaced by X Access
Control Extension (XACE). However, XACE does not yet
include functionality that was previously available in
XC-SECURITY. With this update, XC-SECURITY is enabled
in the xorg-x11-server spec file on Scientific Linux 6.

- Upstream code changes to extension initialization
accidentally disabled the GLX extension in Xvfb (the X
virtual frame buffer), rendering headless 3D
applications non-functional. An upstream patch for this
problem has been backported so the GLX extension is
enabled again, and applications relying on this
extension work as expected.

See also :

http://www.nessus.org/u?ca4f900c

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 71302

Bugtraq ID:

CVE ID: CVE-2013-1940