openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1148-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This xorg-x11-server update fixes a DoS vulnerability and adds randr
support.

- U_os-Reset-input-buffer-s-ignoreBytes-field.patch

- If a client sends a request larger than
  maxBigRequestSize, the server is supposed to ignore it.
  Before commit cf88363d, the server would simply
  disconnect the client. After that commit, it attempts to
  gracefully ignore the request by remembering how long
  the client specified the request to be, and ignoring
  that many bytes. However, if a client sends a BigReq
  header with a large size and disconnects before actually
  sending the rest of the specified request, the server
  will reuse the ConnectionInput buffer without resetting
  the ignoreBytes field. As a result, the server ignores
  new X clients' requests. The patch fixes this by
  resetting the ignoreBytes field when putting the
  ConnectionInput buffer back on the FreeInputs list.
  (bnc#815583)

- u_xserver_xvfb-randr.patch

- Add randr support to Xvfb (bnc#823410)
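
The stale ignoreBytes state described above can be modelled in a few lines. This is an added example, not code from the X server or from the plugin: only the names ConnectionInput, ignoreBytes and FreeInputs come from the advisory, while the helper functions, the single-buffer pool and the byte counts are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a recycled per-client input buffer (hypothetical layout). */
typedef struct ConnectionInput {
    struct ConnectionInput *next;
    size_t ignoreBytes;            /* bytes of an oversized request still to skip */
} ConnectionInput;

static ConnectionInput *FreeInputs; /* free list of recycled buffers */

/* Reuse a recycled buffer if one exists, otherwise initialise fresh storage. */
static ConnectionInput *alloc_input(ConnectionInput *fresh) {
    if (FreeInputs) {
        ConnectionInput *ci = FreeInputs;
        FreeInputs = ci->next;
        ci->next = NULL;
        return ci;                 /* note: contents are NOT cleared on reuse */
    }
    memset(fresh, 0, sizeof *fresh);
    return fresh;
}

/* Put a buffer back on the free list; reset != 0 models the patched behaviour. */
static void release_input(ConnectionInput *ci, int reset) {
    if (reset)
        ci->ignoreBytes = 0;
    ci->next = FreeInputs;
    FreeInputs = ci;
}

/* Consume n incoming bytes; returns how many reach request dispatch. */
static size_t feed(ConnectionInput *ci, size_t n) {
    size_t skip = n < ci->ignoreBytes ? n : ci->ignoreBytes;
    ci->ignoreBytes -= skip;
    return n - skip;
}

/* First client announces an oversized request, sends only `sent` bytes and
   disconnects; a second client then gets the recycled buffer. */
size_t second_client_bytes_processed(int reset, size_t announced,
                                     size_t sent, size_t second_len) {
    ConnectionInput storage;
    FreeInputs = NULL;
    ConnectionInput *a = alloc_input(&storage);
    a->ignoreBytes = announced;    /* request exceeded maxBigRequestSize */
    feed(a, sent);
    release_input(a, reset);       /* early disconnect */
    return feed(alloc_input(&storage), second_len);
}

int main(void) {
    printf("unpatched: %zu of 48 bytes processed\n", second_client_bytes_processed(0, 1000000, 16, 48));
    printf("patched:   %zu of 48 bytes processed\n", second_client_bytes_processed(1, 1000000, 16, 48));
    return 0;
}
```
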

See also :

http://lists.opensuse.org/opensuse-updates/2013-07/msg00023.html
https://bugzilla.novell.com/show_bug.cgi?id=815583
https://bugzilla.novell.com/show_bug.cgi?id=823410

Solution :

Update the affected xorg-x11-server packages.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.5
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75075

Bugtraq ID: 61002

CVE ID:
