ID CVE-2011-4029
Summary The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
References
Vulnerable Configurations
  • X.Org xserver 1.11.1
    cpe:2.3:a:x:x_server:1.11.1
  • X.Org xserver 1.11.0
    cpe:2.3:a:x:x_server:1.11.0
CVSS
Base: 1.9 (as of 03-07-2012 - 17:01)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
Vector LOCAL
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
exploit-db via4
description Xorg 1.4 < 1.11.2 - File Permission Change PoC. CVE-2011-4029,CVE-2011-4613. Local exploit for linux platform
id EDB-ID:18040
last seen 2016-02-02
modified 2011-10-28
published 2011-10-28
reporter vladz
source https://www.exploit-db.com/download/18040/
title Xorg 1.4 < 1.11.2 - File Permission Change PoC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-SERVER-RDP-120410.NASL
    description This update of xorg-x11-server-rdp fixed the following security issues : - memory exhaustion flaw CVE-2011-4028 / CVE-2011-4029 - race condition flaw. (CVE-2010-2240)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64240
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64240
    title SuSE 11.1 / 11.2 Security Update : xorg-x11-server-rdp (SAT Patch Numbers 6111 / 6113)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1232-2.NASL
    description USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression. We apologize for the inconvenience. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819) Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028) Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56563
    published 2011-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56563
    title Ubuntu 10.04 LTS : xorg-server regression (USN-1232-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-XVNC-111124.NASL
    description This update fixes two security issues with the X server : - A local attacker could find out if a file exists by exploiting the way that Xorg creates its lock files. (CVE-2011-4028) - A non-root local user could set the read permission for all users on any file or directory. (CVE-2011-4029)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57138
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57138
    title SuSE 11.1 Security Update : xorg-x11-server (SAT Patch Number 5479)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1232-1.NASL
    description It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819) Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028) Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56555
    published 2011-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56555
    title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : xorg-server vulnerabilities (USN-1232-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-SERVER-DMX-120410.NASL
    description This update of xorg-x11-server-dmx fixed the following security issues : - memory exhaustion flaw CVE-2011-4028 / CVE-2011-4029 - race condition flaw. (CVE-2010-2240)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64239
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64239
    title SuSE 11.1 Security Update : xorg-x11-server-dmx, xorg-x11-server-dmx-debuginfo, etc (SAT Patch Number 6112)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8441957CF9B411E0A78ABCAEC565249C.NASL
    description Matthieu Herrb reports : It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file. It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denial of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 56548
    published 2011-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56548
    title FreeBSD : Xorg server -- two vulnerabilities in X server lock handling code (8441957c-f9b4-11e0-a78a-bcaec565249c)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1232-3.NASL
    description USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818. We apologize for the inconvenience. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819) Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028) Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56580
    published 2011-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56580
    title Ubuntu 10.04 LTS / 10.10 : xorg-server vulnerability (USN-1232-3)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_XORG_20120417.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. (CVE-2011-4028) - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. (CVE-2011-4029)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80818
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80818
    title Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0939.NASL
    description Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) Red Hat would like to thank the researcher with the nickname vladz for reporting these issues. This update also fixes the following bugs : * Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860) * Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467) * Prior to this update, the misleading message 'Session active, not inhibited, screen idle. 
If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704) * Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792) * Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. (BZ#805377) All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59932
    published 2012-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59932
    title CentOS 6 : xorg-x11-server (CESA-2012:0939)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-104.NASL
    description A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69594
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69594
    title Amazon Linux AMI : xorg-x11-server (ALAS-2012-104)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_XORG-X11-XVNC-111201.NASL
    description The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read permission for all users on any file or directory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75780
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75780
    title openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2012:0227-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0939.NASL
    description Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) Red Hat would like to thank the researcher with the nickname vladz for reporting these issues. This update also fixes the following bugs : * Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860) * Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467) * Prior to this update, the misleading message 'Session active, not inhibited, screen idle. 
If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704) * Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792) * Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. (BZ#805377) All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59597
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59597
    title RHEL 6 : xorg-x11-server (RHSA-2012:0939)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120620_XORG_X11_SERVER_ON_SL6_X.NASL
    description X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) This update also fixes the following bugs : - Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. - Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. - Prior to this update, the misleading message 'Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. - Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. 
The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. - Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61351
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61351
    title Scientific Linux Security Update : xorg-x11-server on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0939.NASL
    description From Red Hat Security Advisory 2012:0939 : Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) Red Hat would like to thank the researcher with the nickname vladz for reporting these issues. This update also fixes the following bugs : * Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860) * Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. 
(BZ#732467) * Prior to this update, the misleading message 'Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704) * Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792) * Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. (BZ#805377) All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68561
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68561
    title Oracle Linux 6 : xorg-x11-server (ELSA-2012-0939)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-19 (X.Org X Server: Multiple vulnerabilities) vladz reported the following vulnerabilities in the X.Org X server: The X.Org X server follows symbolic links when trying to access the lock file for a X display, showing a predictable behavior depending on the file type of the link target (CVE-2011-4028). The X.Org X server lock file mechanism allows for a race condition to cause the X server to modify the file permissions of an arbitrary file to 0444 (CVE-2011-4029). Impact : A local attacker could exploit these vulnerabilities to disclose information by making arbitrary files on a system world-readable or gain information whether a specified file exists on the system and whether it is a file, directory, or a named pipe. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56594
    published 2011-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56594
    title GLSA-201110-19 : X.Org X Server: Multiple vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/106307/xorg-poc.txt
id PACKETSTORM:106307
last seen 2016-12-05
published 2011-10-27
reporter vladz
source https://packetstormsecurity.com/files/106307/Xorg-Permission-Change.html
title Xorg Permission Change
redhat via4
advisories
bugzilla
id 805377
title Regression: raw events do not contain relative values
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment xorg-x11-server-Xdmx is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939009
      • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359014
    • AND
      • comment xorg-x11-server-Xephyr is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939005
      • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359018
    • AND
      • comment xorg-x11-server-Xnest is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939019
      • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359012
    • AND
      • comment xorg-x11-server-Xorg is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939011
      • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359020
    • AND
      • comment xorg-x11-server-Xvfb is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939013
      • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359010
    • AND
      • comment xorg-x11-server-common is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939015
      • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359006
    • AND
      • comment xorg-x11-server-devel is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939017
      • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359016
    • AND
      • comment xorg-x11-server-source is earlier than 0:1.10.6-1.el6
        oval oval:com.redhat.rhsa:tst:20120939007
      • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111359008
rhsa
id RHSA-2012:0939
released 2012-06-20
severity Low
title RHSA-2012:0939: xorg-x11-server security and bug fix update (Low)
rpms
  • xorg-x11-server-Xdmx-0:1.10.6-1.el6
  • xorg-x11-server-Xephyr-0:1.10.6-1.el6
  • xorg-x11-server-Xnest-0:1.10.6-1.el6
  • xorg-x11-server-Xorg-0:1.10.6-1.el6
  • xorg-x11-server-Xvfb-0:1.10.6-1.el6
  • xorg-x11-server-common-0:1.10.6-1.el6
  • xorg-x11-server-devel-0:1.10.6-1.el6
  • xorg-x11-server-source-0:1.10.6-1.el6
refmap via4
confirm http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
mlist [xorg] 20111018 X.Org security advisory: xserver locking code issues
secunia
  • 46460
  • 49579
Last major update 17-07-2012 - 00:00
Published 03-07-2012 - 15:55