Security Advisory Moderate: xorg-x11-server-utils security update

Advisory: RHSA-2011:0433-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-04-11
Last updated on: 2011-04-11
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux EUS (v. 5.6.z server)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Long Life (v. 5.6 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-0465

Details

An updated xorg-x11-server-utils package that fixes one security issue is
now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The xorg-x11-server-utils package contains a collection of utilities used
to modify and query the runtime configuration of the X.Org server. X.Org is
an open source implementation of the X Window System.

A flaw was found in the X.Org X server resource database utility, xrdb.
Certain variables were not properly sanitized during the launch of a user's
graphical session, which could possibly allow a remote attacker to execute
arbitrary code with root privileges, if they were able to make the display
manager execute xrdb with a specially-crafted X client hostname. An attacker
could do this, for example, by configuring the hostname on the target system
via a crafted DHCP reply, or by using the X Display Manager Control Protocol
(XDMCP) to connect to that system from a host that has a special DNS name.
(CVE-2011-0465)
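
The following is an added example, not code from this advisory or from the xrdb patch: a strict syntax check for a hostname learned from DHCP, DNS or XDMCP, applied before the value is handed to a program such as xrdb. The function name hostname_is_safe and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not xrdb code. Returns 1 if `name` is a syntactically
 * valid RFC 1123 host name and 0 otherwise. Only ASCII letters, digits, '-'
 * and '.' pass, so whitespace, quotes, shell metacharacters and control
 * bytes are refused. A trailing dot is refused too, for simplicity. */
int hostname_is_safe(const char *name)
{
    size_t total = 0, label = 0;
    char prev = '.';                 /* start of string acts as a boundary */

    if (name == NULL || *name == '\0')
        return 0;
    for (const char *p = name; *p != '\0'; p++) {
        char c = *p;
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');

        if (++total > 253)
            return 0;                /* whole name too long */
        if (c == '.') {
            if (prev == '.' || prev == '-')
                return 0;            /* empty label, or label ends in '-' */
            label = 0;
        } else if (c == '-' && prev != '.') {
            label++;                 /* '-' allowed only inside a label */
        } else if (alnum) {
            label++;
        } else {
            return 0;                /* any other byte is refused */
        }
        if (label > 63)
            return 0;                /* single label too long */
        prev = c;
    }
    return prev != '-' && prev != '.';
}

int main(void)
{
    /* Constructed sample names; none come from the advisory. */
    const char *samples[] = { "ws01.example.com", "host;name", "a b",
                              "-lead.example.com", "trail-.example.com" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               hostname_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A check like this complements the updated package and does not replace it.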

Red Hat would like to thank Matthieu Herrb for reporting this issue.
Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the
original reporter.

Users of xorg-x11-server-utils should upgrade to this updated package,
which contains a backported patch to resolve this issue. All running X.Org
server instances must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
File outdated by:  RHBA-2011:0454
    MD5: 22359adf1e6fa978004966e37c2cdf4a
SHA-256: 130f83e1194b2593a9cf154bf3d84d66b5b0c8767cf481e23002879cee2daf0b
 
IA-32:
xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:0454
    MD5: 0bb4d6537982877722ef82df1321072f
SHA-256: f00c0aa9e8264eb0a1f56783887bb0d110ce181010296a5d4185ae14a8a42f5e
 
IA-64:
xorg-x11-server-utils-7.1-5.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 491ef34f1c2efc793bc8379c858e6e17
SHA-256: b07323c55f01c46ccb0838fb53bf3e4d0eeeac4ad88f45d050060ee12e2a4a5e
 
PPC:
xorg-x11-server-utils-7.1-5.el5_6.1.ppc.rpm
File outdated by:  RHBA-2011:0454
    MD5: d70a287f9b93b7ce926619aded251403
SHA-256: d50f331e2c333a7cf91f64c64adc18839e1a2da527ddb9fb521bef9db9a6e40d
 
s390x:
xorg-x11-server-utils-7.1-5.el5_6.1.s390x.rpm
File outdated by:  RHBA-2011:0454
    MD5: 7b30da5a8b9e4626176b1dd97e101fe7
SHA-256: 90db2055058c2b39e3404a5c2b26fc5864b4451e76c19d2140aa30fa3f138a46
 
x86_64:
xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 3d7502638235c0cb69168e1c479eac0e
SHA-256: a24d17bb7fb70a91a37239c9a49363e95f07da06d1f51134ddaa3a238d17e4d2
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
File outdated by:  RHBA-2011:0454
    MD5: 22359adf1e6fa978004966e37c2cdf4a
SHA-256: 130f83e1194b2593a9cf154bf3d84d66b5b0c8767cf481e23002879cee2daf0b
 
IA-32:
xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:0454
    MD5: 0bb4d6537982877722ef82df1321072f
SHA-256: f00c0aa9e8264eb0a1f56783887bb0d110ce181010296a5d4185ae14a8a42f5e
 
x86_64:
xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 3d7502638235c0cb69168e1c479eac0e
SHA-256: a24d17bb7fb70a91a37239c9a49363e95f07da06d1f51134ddaa3a238d17e4d2
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
File outdated by:  RHSA-2013:0502
    MD5: 3e664f48d7ffe7affcd8281caf3b41a3
SHA-256: 1ccc0e8f577d781bc785bcf6ac16b0148a58d9c2863875f881bbd6c1aa9fdf5a
 
IA-32:
xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: c05bbf78060ec2b1c7e7b94acb839d3b
SHA-256: ec9ef74152f5910b070e2b1eab65e92724abeefef0c13a0d8f44c3eff9400100
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: 1ec3aae7683a839f535fd42bf5fc02f3
SHA-256: 6856ada7d525dbbd593f885818863e855a7a636c9d9528a805a609db47b9ee17
 
x86_64:
xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: d586477311050c3354e059cee68bcbf4
SHA-256: 28eb4c5cce90a047302f40968462cd4092d3caa2774a998307d98fcced1e8cb3
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 7057d580acd81ff962e319f6ee95ae3b
SHA-256: 962b60a2d8843d04f8e214381e523d7b27a612945fb0e41c6a27cd640ba51adc
 
Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
File outdated by:  RHBA-2011:0454
    MD5: 22359adf1e6fa978004966e37c2cdf4a
SHA-256: 130f83e1194b2593a9cf154bf3d84d66b5b0c8767cf481e23002879cee2daf0b
 
IA-32:
xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:0454
    MD5: 0bb4d6537982877722ef82df1321072f
SHA-256: f00c0aa9e8264eb0a1f56783887bb0d110ce181010296a5d4185ae14a8a42f5e
 
IA-64:
xorg-x11-server-utils-7.1-5.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 491ef34f1c2efc793bc8379c858e6e17
SHA-256: b07323c55f01c46ccb0838fb53bf3e4d0eeeac4ad88f45d050060ee12e2a4a5e
 
PPC:
xorg-x11-server-utils-7.1-5.el5_6.1.ppc.rpm
File outdated by:  RHBA-2011:0454
    MD5: d70a287f9b93b7ce926619aded251403
SHA-256: d50f331e2c333a7cf91f64c64adc18839e1a2da527ddb9fb521bef9db9a6e40d
 
s390x:
xorg-x11-server-utils-7.1-5.el5_6.1.s390x.rpm
File outdated by:  RHBA-2011:0454
    MD5: 7b30da5a8b9e4626176b1dd97e101fe7
SHA-256: 90db2055058c2b39e3404a5c2b26fc5864b4451e76c19d2140aa30fa3f138a46
 
x86_64:
xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 3d7502638235c0cb69168e1c479eac0e
SHA-256: a24d17bb7fb70a91a37239c9a49363e95f07da06d1f51134ddaa3a238d17e4d2
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
File outdated by:  RHSA-2013:0502
    MD5: 3e664f48d7ffe7affcd8281caf3b41a3
SHA-256: 1ccc0e8f577d781bc785bcf6ac16b0148a58d9c2863875f881bbd6c1aa9fdf5a
 
x86_64:
xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: d586477311050c3354e059cee68bcbf4
SHA-256: 28eb4c5cce90a047302f40968462cd4092d3caa2774a998307d98fcced1e8cb3
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 7057d580acd81ff962e319f6ee95ae3b
SHA-256: 962b60a2d8843d04f8e214381e523d7b27a612945fb0e41c6a27cd640ba51adc
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
xorg-x11-server-utils-7.1-5.el5_6.1.src.rpm
File outdated by:  RHBA-2011:0454
    MD5: 22359adf1e6fa978004966e37c2cdf4a
SHA-256: 130f83e1194b2593a9cf154bf3d84d66b5b0c8767cf481e23002879cee2daf0b
 
IA-32:
xorg-x11-server-utils-7.1-5.el5_6.1.i386.rpm
File outdated by:  RHBA-2011:0454
    MD5: 0bb4d6537982877722ef82df1321072f
SHA-256: f00c0aa9e8264eb0a1f56783887bb0d110ce181010296a5d4185ae14a8a42f5e
 
IA-64:
xorg-x11-server-utils-7.1-5.el5_6.1.ia64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 491ef34f1c2efc793bc8379c858e6e17
SHA-256: b07323c55f01c46ccb0838fb53bf3e4d0eeeac4ad88f45d050060ee12e2a4a5e
 
x86_64:
xorg-x11-server-utils-7.1-5.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0454
    MD5: 3d7502638235c0cb69168e1c479eac0e
SHA-256: a24d17bb7fb70a91a37239c9a49363e95f07da06d1f51134ddaa3a238d17e4d2
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
File outdated by:  RHSA-2013:0502
    MD5: 3e664f48d7ffe7affcd8281caf3b41a3
SHA-256: 1ccc0e8f577d781bc785bcf6ac16b0148a58d9c2863875f881bbd6c1aa9fdf5a
 
IA-32:
xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: c05bbf78060ec2b1c7e7b94acb839d3b
SHA-256: ec9ef74152f5910b070e2b1eab65e92724abeefef0c13a0d8f44c3eff9400100
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: 1ec3aae7683a839f535fd42bf5fc02f3
SHA-256: 6856ada7d525dbbd593f885818863e855a7a636c9d9528a805a609db47b9ee17
 
PPC:
xorg-x11-server-utils-7.4-15.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 454a77419e15db88c47f68e5d4959d6f
SHA-256: 243439c42abf79ec9bfb6c836cc97bc614cdbd36b428cfa49d7d97aab9e9b442
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.ppc64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 07070c4e11b2b8fcd7326ad79133f1bb
SHA-256: a30d8f5cc3ce548f7f942ae200786f7db36dcb2cf939c2a624c9ebf7f98c9ce7
 
s390x:
xorg-x11-server-utils-7.4-15.el6_0.1.s390x.rpm
File outdated by:  RHSA-2013:0502
    MD5: 2ae2d4a8af79af77a5262376f7c7aaef
SHA-256: 30b9e79c13d31b9270fee6038db79525101dc1cefd54f03f5474a06e2026f20f
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.s390x.rpm
File outdated by:  RHSA-2013:0502
    MD5: 7560d8fa204b0c0012e21d93ec60cc02
SHA-256: 55a9edb73b7bab0ef99d6fde407596aaf5b34612a238a993cd2491add64ce8e4
 
x86_64:
xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: d586477311050c3354e059cee68bcbf4
SHA-256: 28eb4c5cce90a047302f40968462cd4092d3caa2774a998307d98fcced1e8cb3
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 7057d580acd81ff962e319f6ee95ae3b
SHA-256: 962b60a2d8843d04f8e214381e523d7b27a612945fb0e41c6a27cd640ba51adc
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
File outdated by:  RHSA-2013:0502
    MD5: 3e664f48d7ffe7affcd8281caf3b41a3
SHA-256: 1ccc0e8f577d781bc785bcf6ac16b0148a58d9c2863875f881bbd6c1aa9fdf5a
 
IA-32:
xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHBA-2011:0453
    MD5: c05bbf78060ec2b1c7e7b94acb839d3b
SHA-256: ec9ef74152f5910b070e2b1eab65e92724abeefef0c13a0d8f44c3eff9400100
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHBA-2011:0453
    MD5: 1ec3aae7683a839f535fd42bf5fc02f3
SHA-256: 6856ada7d525dbbd593f885818863e855a7a636c9d9528a805a609db47b9ee17
 
PPC:
xorg-x11-server-utils-7.4-15.el6_0.1.ppc64.rpm
File outdated by:  RHBA-2011:0453
    MD5: 454a77419e15db88c47f68e5d4959d6f
SHA-256: 243439c42abf79ec9bfb6c836cc97bc614cdbd36b428cfa49d7d97aab9e9b442
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.ppc64.rpm
File outdated by:  RHBA-2011:0453
    MD5: 07070c4e11b2b8fcd7326ad79133f1bb
SHA-256: a30d8f5cc3ce548f7f942ae200786f7db36dcb2cf939c2a624c9ebf7f98c9ce7
 
s390x:
xorg-x11-server-utils-7.4-15.el6_0.1.s390x.rpm
File outdated by:  RHBA-2011:0453
    MD5: 2ae2d4a8af79af77a5262376f7c7aaef
SHA-256: 30b9e79c13d31b9270fee6038db79525101dc1cefd54f03f5474a06e2026f20f
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.s390x.rpm
File outdated by:  RHBA-2011:0453
    MD5: 7560d8fa204b0c0012e21d93ec60cc02
SHA-256: 55a9edb73b7bab0ef99d6fde407596aaf5b34612a238a993cd2491add64ce8e4
 
x86_64:
xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2011:0453
    MD5: d586477311050c3354e059cee68bcbf4
SHA-256: 28eb4c5cce90a047302f40968462cd4092d3caa2774a998307d98fcced1e8cb3
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2011:0453
    MD5: 7057d580acd81ff962e319f6ee95ae3b
SHA-256: 962b60a2d8843d04f8e214381e523d7b27a612945fb0e41c6a27cd640ba51adc
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
xorg-x11-server-utils-7.4-15.el6_0.1.src.rpm
File outdated by:  RHSA-2013:0502
    MD5: 3e664f48d7ffe7affcd8281caf3b41a3
SHA-256: 1ccc0e8f577d781bc785bcf6ac16b0148a58d9c2863875f881bbd6c1aa9fdf5a
 
IA-32:
xorg-x11-server-utils-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: c05bbf78060ec2b1c7e7b94acb839d3b
SHA-256: ec9ef74152f5910b070e2b1eab65e92724abeefef0c13a0d8f44c3eff9400100
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.i686.rpm
File outdated by:  RHSA-2013:0502
    MD5: 1ec3aae7683a839f535fd42bf5fc02f3
SHA-256: 6856ada7d525dbbd593f885818863e855a7a636c9d9528a805a609db47b9ee17
 
x86_64:
xorg-x11-server-utils-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: d586477311050c3354e059cee68bcbf4
SHA-256: 28eb4c5cce90a047302f40968462cd4092d3caa2774a998307d98fcced1e8cb3
xorg-x11-server-utils-debuginfo-7.4-15.el6_0.1.x86_64.rpm
File outdated by:  RHSA-2013:0502
    MD5: 7057d580acd81ff962e319f6ee95ae3b
SHA-256: 962b60a2d8843d04f8e214381e523d7b27a612945fb0e41c6a27cd640ba51adc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

680196 - CVE-2011-0465 xorg: xrdb code execution via crafted X client hostname


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/