openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1148-1)

Low Nessus Plugin ID 75075


The remote openSUSE host is missing a security update.


This xorg-x11-server update fixes a DoS vulnerability and adds randr support.

- U_os-Reset-input-buffer-s-ignoreBytes-field.patch

- If a client sends a request larger than maxBigRequestSize, the server is supposed to ignore it.
Before commit cf88363d, the server would simply disconnect the client. After that commit, it attempts to gracefully ignore the request by remembering how long the client specified the request to be, and ignoring that many bytes. However, if a client sends a BigReq header with a large size and disconnects before actually sending the rest of the specified request, the server will reuse the ConnectionInput buffer without resetting the ignoreBytes field. This makes the server ignore new X clients' requests. This fixes that behavior by resetting the ignoreBytes field when putting the ConnectionInput buffer back on the FreeInputs list.

- u_xserver_xvfb-randr.patch

- Add randr support to Xvfb (bnc#823410)


Update the affected xorg-x11-server packages.

See Also

Plugin Details

Severity: Low

ID: 75075

File Name: openSUSE-2013-558.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2015/01/19

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xorg-x11-Xvnc, p-cpe:/a:novell:opensuse:xorg-x11-Xvnc-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server, p-cpe:/a:novell:opensuse:xorg-x11-server-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server-debugsource, p-cpe:/a:novell:opensuse:xorg-x11-server-extra, p-cpe:/a:novell:opensuse:xorg-x11-server-extra-debuginfo, p-cpe:/a:novell:opensuse:xorg-x11-server-sdk, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/27

Reference Information

BID: 61002

OSVDB: 94921