7.287. xorg-x11-server

Updated xorg-x11-server packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The xorg-x11-server packages provide the X.Org sample implementation of a server for the X Window System and the rendering services necessary for graphical user environments, such as GNOME and KDE.

Note

Updated xorg-x11-server packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The xorg-x11-server packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#833212)

Bug Fixes

BZ#608076
When the GNOME sound volume applet was configured to pop up after pressing the "mute", "volume up", or "volume down" hardware buttons, doing so caused a graphical glitch to appear in a dual monitor configuration. Now, the screen glitch no longer appears.
BZ#745033
When spice-client was opened in full-screen mode, the client screen contained a static image which was not refreshed until it was switched back to window mode. Now, the static image no longer appears when opened in full-screen mode.
BZ#816347
When the screen saver started to fade, pressing keys did not interrupt the fade and did not immediately display the unlock screen. Now, pressing keys stops the screen from fading.
BZ#829321
A NULL pointer dereference caused X.Org to terminate unexpectedly with a segmentation fault on certain servers. The error is fixed and X.Org no longer crashes on those servers.
BZ#837073
An invalid pointer dereference in the server caused the server to unexpectedly terminate with a segmentation fault when the mouse was moved over the VNC window. Crashes no longer occur when moving the mouse over the VNC window.
BZ#853236
The KVM process could not access the X server because the "/usr/bin/Xorg" binary was unreadable for non-root users. Now, all users can read the binary and KVM guests can access host operating systems.
BZ#858005
A transformation matrix is used to bind a device to a specific area on the screen. An uninitialized device transformation matrix caused the pointer to jump to the top-left corner of the screen on some devices. With this update, the transformation matrix is properly initialized and pointer device movement works as expected.
BZ#863913
An X Input Extension (XI 1.x) grab on a disabled device led to a NULL pointer dereference error which caused the server to terminate unexpectedly. Currently, the XI 1.x grab functions normally and the X server no longer crashes.
BZ#864054
When screens are reconfigured, the server updates some internal fields to adjust input device coordinate scaling if the device is bound to a specific screen. The NVIDIA binary driver did not have access to these internal methods, and was not able to update these fields when it changed output configurations. A new API is now exported for the driver and the NVIDIA driver is now able to update the server-internal fields.
BZ#868054
Pointer screen crossings for non-Xinerama setups caused the mouse pointer to wrap around on the first screen instead of moving to the second screen. Now, the mouse pointer can move between both screens on non-Xinerama setups.
BZ#883206
Running xrestop on servers that used Intel, ATI or Nouveau drivers caused the server to terminate unexpectedly with a segmentation fault. Now, users are able to run xrestop on those servers without crashes.
Users of xorg-x11-server are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix

CVE-2013-4396
A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter.
All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.