openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2012:0227-1)
Low Nessus Plugin ID 75780
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe X server had two security issues and one bug that is fixed by this update.
CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files.
CVE-2011-4029: It is possible for a non-root local user to set the read permission for all users on any file or directory.
SolutionUpdate the affected xorg-x11-Xvnc packages.