Skip to navigation

Security Advisory Low: Core X11 clients security, bug fix, and enhancement update

Advisory: RHSA-2013:0502-2
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2504

Details

Updated core client packages for the X Window System that fix one security
issue, several bugs, and add various enhancements are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Core X11 clients packages provide the xorg-x11-utils,
xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X
Window System.

It was found that the x11perfcomp utility included the current working
directory in its PATH environment variable. Running x11perfcomp in an
attacker-controlled directory would cause arbitrary code execution with
the privileges of the user running x11perfcomp. (CVE-2011-2504)

Also with this update, the xorg-x11-utils and xorg-x11-server-utils
packages have been upgraded to upstream version 7.5, and the xorg-x11-apps
package to upstream version 7.6, which provides a number of bug fixes and
enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are
advised to upgrade to these updated packages, which fix these issues and
add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
xorg-x11-apps-7.6-6.el6.src.rpm     MD5: 7e12fd73da647dccc69a4776c2f1f787
SHA-256: a1f161688acb00be597b2eb149e3fd4aa6831491fadac7729097ba98f83018ef
xorg-x11-server-utils-7.5-13.el6.src.rpm     MD5: 6fb92304c998069df1d5914a4e03aff9
SHA-256: dd911196d6e7bbdfb1f7def842ee84e587a9f0d72ce4d3934ba8f693df23e69e
xorg-x11-utils-7.5-6.el6.src.rpm     MD5: a4f0f06f1a3d806a696ec7a550d41ae1
SHA-256: ff7ebca6a3ee58c4dd84346b2cee9d5a76e9e515351c918ec397959840ff7b13
 
IA-32:
xorg-x11-apps-7.6-6.el6.i686.rpm     MD5: 97abd15e1a25626d7fffbff059c9a81c
SHA-256: d76385e132329bd60073015d0a158db301a266eb5dfaa076fc59d7739f79963b
xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm     MD5: ef7e71cd4b88c66143a611294ed9b3d0
SHA-256: 4c2ad348fe991e5c96ef1ed1ef748f75e2ccac9580405d86c65fe365e1e8d103
xorg-x11-server-utils-7.5-13.el6.i686.rpm     MD5: c740ae3c062a23a4d64f4a522d70b5d4
SHA-256: 2de5cabc94642603364076ec802670e31f72a0b2e772386a5c9d00ef20079714
xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm     MD5: 2d03676adbd33def3ec56cab505e5e7a
SHA-256: d51debb90bc1347bb98895ce5d7acb4f3f1caa497098869a80369d314956e2e3
xorg-x11-utils-7.5-6.el6.i686.rpm     MD5: 7ae773aa3251b6de64672f53292664f1
SHA-256: ad5eaf94788ee1dbb806a59784c076e1d69562697d75062031ffb2a34325e540
xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm     MD5: bf881a22c36042e661cb06c997395eb8
SHA-256: fe05623f268a620c0f6b9b78e389f040bbf98fc3617994187bcd58d4d553a250
 
x86_64:
xorg-x11-apps-7.6-6.el6.x86_64.rpm     MD5: 6801497835190eb9fce7a721fc4472c9
SHA-256: 627308dca92976c77d16ca49c0304aa8a9c9330be47fa86a220888c014bdca86
xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm     MD5: 6ac9975023c14b0ac1c5109691407630
SHA-256: f677ada783de54811a03ba82386f1a83b35186f8ba01a57b0bbdcad4edb5939f
xorg-x11-server-utils-7.5-13.el6.x86_64.rpm     MD5: bb0344b7934c5fecbb91596e3427e792
SHA-256: c0cf16854609e0643d2d2d3b36e1b9ff68890780863fda7e019c154f9bb7629a
xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm     MD5: 7bea59774f14ec9072e03168d3839f69
SHA-256: e3b07a3498894cc6d74f2581ba4bd00ce54b3ef4501345124640ff57f5293e6f
xorg-x11-utils-7.5-6.el6.x86_64.rpm     MD5: 8379920faf1f13301e88cd174c98c84f
SHA-256: 00aa4e2bc2ecab17553ca6f71e6ee11074b828a9befe1e41b6bd8a807ca8d530
xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm     MD5: 3c59f156b9673f84e38bc9b53c8e5f4b
SHA-256: 98b769e15fedfa64a0cf72b92106cd8a2cd38d1ea388ba7309cd329d5b5f3a34
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
xorg-x11-server-utils-7.5-13.el6.src.rpm     MD5: 6fb92304c998069df1d5914a4e03aff9
SHA-256: dd911196d6e7bbdfb1f7def842ee84e587a9f0d72ce4d3934ba8f693df23e69e
xorg-x11-utils-7.5-6.el6.src.rpm     MD5: a4f0f06f1a3d806a696ec7a550d41ae1
SHA-256: ff7ebca6a3ee58c4dd84346b2cee9d5a76e9e515351c918ec397959840ff7b13
 
x86_64:
xorg-x11-server-utils-7.5-13.el6.x86_64.rpm     MD5: bb0344b7934c5fecbb91596e3427e792
SHA-256: c0cf16854609e0643d2d2d3b36e1b9ff68890780863fda7e019c154f9bb7629a
xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm     MD5: 7bea59774f14ec9072e03168d3839f69
SHA-256: e3b07a3498894cc6d74f2581ba4bd00ce54b3ef4501345124640ff57f5293e6f
xorg-x11-utils-7.5-6.el6.x86_64.rpm     MD5: 8379920faf1f13301e88cd174c98c84f
SHA-256: 00aa4e2bc2ecab17553ca6f71e6ee11074b828a9befe1e41b6bd8a807ca8d530
xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm     MD5: 3c59f156b9673f84e38bc9b53c8e5f4b
SHA-256: 98b769e15fedfa64a0cf72b92106cd8a2cd38d1ea388ba7309cd329d5b5f3a34
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
xorg-x11-apps-7.6-6.el6.src.rpm     MD5: 7e12fd73da647dccc69a4776c2f1f787
SHA-256: a1f161688acb00be597b2eb149e3fd4aa6831491fadac7729097ba98f83018ef
xorg-x11-server-utils-7.5-13.el6.src.rpm     MD5: 6fb92304c998069df1d5914a4e03aff9
SHA-256: dd911196d6e7bbdfb1f7def842ee84e587a9f0d72ce4d3934ba8f693df23e69e
xorg-x11-utils-7.5-6.el6.src.rpm     MD5: a4f0f06f1a3d806a696ec7a550d41ae1
SHA-256: ff7ebca6a3ee58c4dd84346b2cee9d5a76e9e515351c918ec397959840ff7b13
 
IA-32:
xorg-x11-apps-7.6-6.el6.i686.rpm     MD5: 97abd15e1a25626d7fffbff059c9a81c
SHA-256: d76385e132329bd60073015d0a158db301a266eb5dfaa076fc59d7739f79963b
xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm     MD5: ef7e71cd4b88c66143a611294ed9b3d0
SHA-256: 4c2ad348fe991e5c96ef1ed1ef748f75e2ccac9580405d86c65fe365e1e8d103
xorg-x11-server-utils-7.5-13.el6.i686.rpm     MD5: c740ae3c062a23a4d64f4a522d70b5d4
SHA-256: 2de5cabc94642603364076ec802670e31f72a0b2e772386a5c9d00ef20079714
xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm     MD5: 2d03676adbd33def3ec56cab505e5e7a
SHA-256: d51debb90bc1347bb98895ce5d7acb4f3f1caa497098869a80369d314956e2e3
xorg-x11-utils-7.5-6.el6.i686.rpm     MD5: 7ae773aa3251b6de64672f53292664f1
SHA-256: ad5eaf94788ee1dbb806a59784c076e1d69562697d75062031ffb2a34325e540
xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm     MD5: bf881a22c36042e661cb06c997395eb8
SHA-256: fe05623f268a620c0f6b9b78e389f040bbf98fc3617994187bcd58d4d553a250
 
PPC:
xorg-x11-apps-7.6-6.el6.ppc64.rpm     MD5: 1d99b3190151d485046b7140f4405ae8
SHA-256: 6ebdd7e4e864a30ed1a8eb818e211aff4ad46a24a7fa48508614c1b767a462d9
xorg-x11-apps-debuginfo-7.6-6.el6.ppc64.rpm     MD5: 14991bf3bbf2703c8f8b989a32fa737f
SHA-256: d828f12da4c4e5f79592a40cdcbfd9057dee1bfb498c433ca93822d293640f7b
xorg-x11-server-utils-7.5-13.el6.ppc64.rpm     MD5: cb4e21bc9d6561a8120d8da6392a1ad5
SHA-256: e23a14a40f8fe91317eff121092b2bb1e247e728d42e22a68e130a080fb4710f
xorg-x11-server-utils-debuginfo-7.5-13.el6.ppc64.rpm     MD5: 337aa7810b892ce1a8d2c88658f4356d
SHA-256: 0b416bf9f424ac1eaac0ec71167a8cb1221f71e8cdb6ada3c5e74b9021e4322e
xorg-x11-utils-7.5-6.el6.ppc64.rpm     MD5: a0d744c289c0fcb22de52fcae77c24aa
SHA-256: ee6472e6501aa8422c41e58bbdc9f511a9371ede1e6556b0a950430e71637761
xorg-x11-utils-debuginfo-7.5-6.el6.ppc64.rpm     MD5: d8527cdca46de799dfbdd541d1e7d7ae
SHA-256: 0632c2ca09f9dbfb06a8fa36a6c0d26dab7873604b0b5370ebe876afff72f09e
 
s390x:
xorg-x11-apps-7.6-6.el6.s390x.rpm     MD5: 226f93c1f5abf81d2ea023411be36ca6
SHA-256: 3341909962ca7e1b6f47ae99dbf07b7e18554e4709979037d51344777d83adff
xorg-x11-apps-debuginfo-7.6-6.el6.s390x.rpm     MD5: 1b56c19fb71dc9b1134dcd8794864908
SHA-256: 2f4a2615f248bb6c6063a4fe723c96cf7222df110ff6f86490690a84344379f0
xorg-x11-server-utils-7.5-13.el6.s390x.rpm     MD5: a0a3c834ce76f1ede26f47e4e8670f8b
SHA-256: 50f7685aa9584dc683c2c9e615beb3e0df4942efcda6f591215c0118164bcb67
xorg-x11-server-utils-debuginfo-7.5-13.el6.s390x.rpm     MD5: 5580ce2e7295de423b9eda684ed52f5a
SHA-256: 6a43b023039abbdab2e43e2155020a52c4cc62d17647bbe9edab9c72e3f23d2b
xorg-x11-utils-7.5-6.el6.s390x.rpm     MD5: 391c7198df218557bd6062c9ee1fa702
SHA-256: f0626c94005799fd55ce86955102929f6730bcd975623878db50f08d8f3eda4c
xorg-x11-utils-debuginfo-7.5-6.el6.s390x.rpm     MD5: f4a01ad5c27465e1c3ce08dd7ea6e65e
SHA-256: 4046cc9897a697b3fc5a55c8e2cea2c2e7ef90b87981c26de9cacd862349f4fd
 
x86_64:
xorg-x11-apps-7.6-6.el6.x86_64.rpm     MD5: 6801497835190eb9fce7a721fc4472c9
SHA-256: 627308dca92976c77d16ca49c0304aa8a9c9330be47fa86a220888c014bdca86
xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm     MD5: 6ac9975023c14b0ac1c5109691407630
SHA-256: f677ada783de54811a03ba82386f1a83b35186f8ba01a57b0bbdcad4edb5939f
xorg-x11-server-utils-7.5-13.el6.x86_64.rpm     MD5: bb0344b7934c5fecbb91596e3427e792
SHA-256: c0cf16854609e0643d2d2d3b36e1b9ff68890780863fda7e019c154f9bb7629a
xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm     MD5: 7bea59774f14ec9072e03168d3839f69
SHA-256: e3b07a3498894cc6d74f2581ba4bd00ce54b3ef4501345124640ff57f5293e6f
xorg-x11-utils-7.5-6.el6.x86_64.rpm     MD5: 8379920faf1f13301e88cd174c98c84f
SHA-256: 00aa4e2bc2ecab17553ca6f71e6ee11074b828a9befe1e41b6bd8a807ca8d530
xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm     MD5: 3c59f156b9673f84e38bc9b53c8e5f4b
SHA-256: 98b769e15fedfa64a0cf72b92106cd8a2cd38d1ea388ba7309cd329d5b5f3a34
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
xorg-x11-apps-7.6-6.el6.src.rpm     MD5: 7e12fd73da647dccc69a4776c2f1f787
SHA-256: a1f161688acb00be597b2eb149e3fd4aa6831491fadac7729097ba98f83018ef
xorg-x11-server-utils-7.5-13.el6.src.rpm     MD5: 6fb92304c998069df1d5914a4e03aff9
SHA-256: dd911196d6e7bbdfb1f7def842ee84e587a9f0d72ce4d3934ba8f693df23e69e
xorg-x11-utils-7.5-6.el6.src.rpm     MD5: a4f0f06f1a3d806a696ec7a550d41ae1
SHA-256: ff7ebca6a3ee58c4dd84346b2cee9d5a76e9e515351c918ec397959840ff7b13
 
IA-32:
xorg-x11-apps-7.6-6.el6.i686.rpm     MD5: 97abd15e1a25626d7fffbff059c9a81c
SHA-256: d76385e132329bd60073015d0a158db301a266eb5dfaa076fc59d7739f79963b
xorg-x11-apps-debuginfo-7.6-6.el6.i686.rpm     MD5: ef7e71cd4b88c66143a611294ed9b3d0
SHA-256: 4c2ad348fe991e5c96ef1ed1ef748f75e2ccac9580405d86c65fe365e1e8d103
xorg-x11-server-utils-7.5-13.el6.i686.rpm     MD5: c740ae3c062a23a4d64f4a522d70b5d4
SHA-256: 2de5cabc94642603364076ec802670e31f72a0b2e772386a5c9d00ef20079714
xorg-x11-server-utils-debuginfo-7.5-13.el6.i686.rpm     MD5: 2d03676adbd33def3ec56cab505e5e7a
SHA-256: d51debb90bc1347bb98895ce5d7acb4f3f1caa497098869a80369d314956e2e3
xorg-x11-utils-7.5-6.el6.i686.rpm     MD5: 7ae773aa3251b6de64672f53292664f1
SHA-256: ad5eaf94788ee1dbb806a59784c076e1d69562697d75062031ffb2a34325e540
xorg-x11-utils-debuginfo-7.5-6.el6.i686.rpm     MD5: bf881a22c36042e661cb06c997395eb8
SHA-256: fe05623f268a620c0f6b9b78e389f040bbf98fc3617994187bcd58d4d553a250
 
x86_64:
xorg-x11-apps-7.6-6.el6.x86_64.rpm     MD5: 6801497835190eb9fce7a721fc4472c9
SHA-256: 627308dca92976c77d16ca49c0304aa8a9c9330be47fa86a220888c014bdca86
xorg-x11-apps-debuginfo-7.6-6.el6.x86_64.rpm     MD5: 6ac9975023c14b0ac1c5109691407630
SHA-256: f677ada783de54811a03ba82386f1a83b35186f8ba01a57b0bbdcad4edb5939f
xorg-x11-server-utils-7.5-13.el6.x86_64.rpm     MD5: bb0344b7934c5fecbb91596e3427e792
SHA-256: c0cf16854609e0643d2d2d3b36e1b9ff68890780863fda7e019c154f9bb7629a
xorg-x11-server-utils-debuginfo-7.5-13.el6.x86_64.rpm     MD5: 7bea59774f14ec9072e03168d3839f69
SHA-256: e3b07a3498894cc6d74f2581ba4bd00ce54b3ef4501345124640ff57f5293e6f
xorg-x11-utils-7.5-6.el6.x86_64.rpm     MD5: 8379920faf1f13301e88cd174c98c84f
SHA-256: 00aa4e2bc2ecab17553ca6f71e6ee11074b828a9befe1e41b6bd8a807ca8d530
xorg-x11-utils-debuginfo-7.5-6.el6.x86_64.rpm     MD5: 3c59f156b9673f84e38bc9b53c8e5f4b
SHA-256: 98b769e15fedfa64a0cf72b92106cd8a2cd38d1ea388ba7309cd329d5b5f3a34
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

717672 - CVE-2011-2504 x11perfcomp has dot in its path


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/