openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1148-1)

low Nessus Plugin ID 75075

Synopsis

The remote openSUSE host is missing a security update.

Description

This xorg-x11-server update fixes a DoS vulnerability and adds randr support.

- U_os-Reset-input-buffer-s-ignoreBytes-field.patch

- If a client sends a request larger than maxBigRequestSize, the server is supposed to ignore it. Before commit cf88363d, the server would simply disconnect the client. After that commit, it attempts to gracefully ignore the request by remembering how long the client specified the request to be, and ignoring that many bytes. However, if a client sends a BigReq header with a large size and disconnects before actually sending the rest of the specified request, the server will reuse the ConnectionInput buffer without resetting the ignoreBytes field. This makes the server ignore new X clients' requests. This fixes that behavior by resetting the ignoreBytes field when putting the ConnectionInput buffer back on the FreeInputs list. (bnc#815583)

- u_xserver_xvfb-randr.patch

- Add randr support to Xvfb (bnc#823410)
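The stale ignoreBytes state described above can be reproduced in a small model of a pooled input buffer. This is an added example, not code from the X server or from the patch; the struct, the function names and the `reset_state` switch are hypothetical, and the sizes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model: names are hypothetical, not the X server's own code. */
typedef struct InputBuf {
    size_t ignore_bytes;      /* bytes of an oversized request still to skip */
    struct InputBuf *next;
} InputBuf;
static InputBuf *free_inputs; /* pool of input buffers awaiting reuse */

static InputBuf *acquire_buf(void) {
    InputBuf *b = free_inputs;
    if (b) { free_inputs = b->next; return b; }
    return calloc(1, sizeof *b);
}

/* Returns how many of n incoming bytes reach request dispatch. */
static size_t deliver(InputBuf *b, size_t n) {
    size_t skip = n < b->ignore_bytes ? n : b->ignore_bytes;
    b->ignore_bytes -= skip;
    return n - skip;
}

/* Client gone: pool the buffer. reset_state=0 is pre-fix, 1 is patched. */
static void release_buf(InputBuf *b, int reset_state) {
    if (reset_state) b->ignore_bytes = 0;
    b->next = free_inputs;
    free_inputs = b;
}

/* Client A declares declared_len bytes, sends none and disconnects; client B
 * then sends n bytes on the reused buffer. Returns B's processed byte count. */
static size_t next_client_processed(int reset_state, size_t declared_len, size_t n) {
    InputBuf *a = acquire_buf();
    if (!a) return 0;
    a->ignore_bytes = declared_len;   /* server decides to skip the request */
    release_buf(a, reset_state);
    InputBuf *b = acquire_buf();      /* same buffer comes back from the pool */
    size_t got = deliver(b, n);
    release_buf(b, 1);                /* leave the pool clean for the next run */
    return got;
}

int main(void) {
    printf("pre-fix: %zu of 64 bytes processed\n", next_client_processed(0, 1u << 20, 64));
    printf("patched: %zu of 64 bytes processed\n", next_client_processed(1, 1u << 20, 64));
    return 0;
}
```

Any pooled per-connection object needs the same check: every field that influences parsing must be cleared when the object is returned to the pool, not only the buffer pointers and counts.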

Solution

Update the affected xorg-x11-server packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=815583

https://bugzilla.novell.com/show_bug.cgi?id=823410

https://lists.opensuse.org/opensuse-updates/2013-07/msg00023.html

Plugin Details

Severity: Low

ID: 75075

File Name: openSUSE-2013-558.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xorg-x11-xvnc, p-cpe:/a:novell:opensuse:xorg-x11-xvnc-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server, p-cpe:/a:novell:opensuse:xorg-x11-server-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server-debugsource, p-cpe:/a:novell:opensuse:xorg-x11-server-extra, p-cpe:/a:novell:opensuse:xorg-x11-server-extra-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server-sdk, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/27/2013

Reference Information

BID: 61002