
Security Advisory Low: xorg-x11-server security and bug fix update

Advisory: RHSA-2012:0303-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-4028

Details

Updated xorg-x11-server packages that fix one security issue and various
bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)

* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)

* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)

* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)

* Due to a double free operation, Xvfb (X virtual framebuffer) randomly
terminated with a segmentation fault when the last client disconnected,
that is, when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)

* Previously, when a client made a request bigger than 1/4th of the limit
advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. (BZ#555000)

* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)

* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)

* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
xorg-x11-server-1.1.1-48.90.el5.src.rpm
File outdated by:  RHBA-2014:0361
 
IA-32:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
 
x86_64:
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xorg-x11-server-1.1.1-48.90.el5.src.rpm
File outdated by:  RHBA-2014:0361
 
IA-32:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
 
IA-64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.ia64.rpm
File outdated by:  RHBA-2014:0361
 
PPC:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.ppc.rpm
File outdated by:  RHBA-2014:0361
 
s390x:
xorg-x11-server-Xephyr-1.1.1-48.90.el5.s390x.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.s390x.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.s390x.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.s390x.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.s390x.rpm
File outdated by:  RHBA-2014:0361
 
x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xorg-x11-server-1.1.1-48.90.el5.src.rpm
File outdated by:  RHBA-2014:0361
 
IA-32:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
File outdated by:  RHBA-2014:0361
 
x86_64:
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
File outdated by:  RHBA-2014:0361
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

454409 - Xephyr ends with Segmentation fault
529717 - [RHEL5] HP DC5850: mice get stuck on left edge (X11 acceleration overflow?)
555000 - Using BIG-REQUESTS cause XIO and connection close
559964 - Pointer confined to one monitor with r500 in zaphod mode
588346 - XineramaQueryScreens() from an X client on a big endian machine cause the Xserver to crash
649810 - Integer overflow for dashed lines longer than 46340
676270 - Xserver segfaults in miwindow.c when backing store is enabled
745755 - CVE-2011-4028 xorg-x11, xorg-x11-server: File existence disclosure vulnerability


References


Keywords

fbdev, installer


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/