Issued:
2012-02-21
Updated:
2012-02-21

RHSA-2012:0303 - Security Advisory

Synopsis

Low: xorg-x11-server security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated xorg-x11-server packages that fix one security issue and various
bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

This update also fixes the following bugs:

  • In rare cases, if the front and back buffer of the miDbePositionWindow()

function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)

  • Previously, when the miSetShape() function called the miRegionDestroy()

function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)

  • On certain workstations running in 32-bit mode, the X11 mouse cursor

occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)

  • On certain workstations with a dual-head graphics adapter using the r500

driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)

  • Due to a double free operation, Xvfb (X virtual framebuffer) terminated

unexpectedly with a segmentation fault randomly when the last client
disconnected, that is when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)

  • Starting the Xephyr server on an AMD64 or Intel 64 architecture with an

integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)

  • Previously, when a client made a request bigger than 1/4th of the limit

advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. (BZ#555000)

  • When an X client running on a big-endian system called the

XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)

  • When installing Red Hat Enterprise Linux 5 on an IBM eServer System p

blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)

  • Lines longer than 46,340 pixels can be drawn with one of the coordinates

being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 454409 - Xephyr ends with Segmentation fault
  • BZ - 529717 - [RHEL5] HP DC5850: mice get stuck on left edge (X11 acceleration overflow?)
  • BZ - 555000 - Using BIG-REQUESTS cause XIO and connection close
  • BZ - 559964 - Pointer confined to one monitor with r500 in zaphod mode
  • BZ - 588346 - XineramaQueryScreens() from an X client on a big endian machine cause the Xserver to crash
  • BZ - 649810 - Integer overflow for dashed lines longer than 46340
  • BZ - 676270 - Xserver segfaults in miwindow.c when backing store is enabled
  • BZ - 745755 - CVE-2011-4028 xorg-x11, xorg-x11-server: File existence disclosure vulnerability

Red Hat Enterprise Linux Server 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
x86_64
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2d7066358507decd2123f89c451437ce92f504f12fa5aedadd89fbd1c3dee306
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2487fe20ed26f6416cb03aee424c44efcb4e4ab3857b72861480dc10409f9618
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm SHA-256: d13bf5590c91dc9376ec206d7434431558d8eb8c8f3b971ba591f95ee7f6db48
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm SHA-256: be6de7cc1992e486984705709e89cffaacca1132c571f5ae3be9cdf309397a8f
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm SHA-256: 58e62aeb4a64a3720c331686f47e0def66d6455e9bc484b2b8767cc3e6875ad0
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm SHA-256: 947a1b4c50899e5f00ee1f6d987782f299f8bdb25e67dcb5a0849c1222702b5d
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm SHA-256: a1ab062f87c7ee7a16b0ab874894e464e03b33d879ecbf14a4b04634d7259e47
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm SHA-256: b5ddce5c1eec19427cbe9fde29e34eb1fb51ae7245c96dc7cbb2bb1390489b16
ia64
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ia64.rpm SHA-256: b0957397aa52717f39c6588ae4f4f59cf91d82d0b1707093d6664f04afd68d57
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ia64.rpm SHA-256: 499644524ef7af685dca5b19269ac8e71521e940d0c7b5f6a66f37f516bd6d10
xorg-x11-server-Xnest-1.1.1-48.90.el5.ia64.rpm SHA-256: b8804a1e6d84601ffb16690d5ef9eaf460abed1ca116ba256eb919f19c7c9909
xorg-x11-server-Xorg-1.1.1-48.90.el5.ia64.rpm SHA-256: e43130cc631bc40c9ac9044f06e22acb4432747df39e760ad2ea46dae201e429
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ia64.rpm SHA-256: 71dd1f19b6bd4252a2521654ffbd49110a25932271d30cbcbba9d5576dfb0f83
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ia64.rpm SHA-256: 6ba8273f9879e272f8fd9117b627e124df7813823122ea6f7a234231f5d80c94
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ia64.rpm SHA-256: e6fe82325cbe100a1c80bfdac1d8bb13b64d0c12f11ebc60e7b2ede4207d17ed
xorg-x11-server-sdk-1.1.1-48.90.el5.ia64.rpm SHA-256: 2ecbdf740b74e85d04018b7e764eb278bf30e5fd14b6713d11ada015638fead7
i386
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm SHA-256: 117010addaaedd5a14451e67b862f7085e4f0a47a0216a5ab02f86fb05f6eea3
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm SHA-256: f62d58e2dcace4b0b205177917b9e4113b26e2ad9cfa7f7cbd0e22b90aa0f5c8
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm SHA-256: 05682b29ddd0c3b08ec5a48e9811c059980f7a9bf761ee4aa5e44063f93768be
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm SHA-256: e3e7c88dbc266f7e440bc39687f9b0929156516318693e4c06a7a1508c81cda3
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm SHA-256: b174322b26092b344f63efac1f36ee85477ea9631209b648cc02c9dc62662ec1
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm SHA-256: 14dbac4758c3092bbf3f44684cd4f6e09c3825154c34273e1b7d2f0ebc0a8257
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm SHA-256: f48ff8ed28b91c387d797e1180ec33514ae444280b15b00a7da720dc87cc30db
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm SHA-256: 32bae54e2c0c4eb507f518b55fdb7fae653020eb6f71e7bad86d96fd715d93e8

Red Hat Enterprise Linux Workstation 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
x86_64
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2d7066358507decd2123f89c451437ce92f504f12fa5aedadd89fbd1c3dee306
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2487fe20ed26f6416cb03aee424c44efcb4e4ab3857b72861480dc10409f9618
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm SHA-256: d13bf5590c91dc9376ec206d7434431558d8eb8c8f3b971ba591f95ee7f6db48
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm SHA-256: be6de7cc1992e486984705709e89cffaacca1132c571f5ae3be9cdf309397a8f
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm SHA-256: 58e62aeb4a64a3720c331686f47e0def66d6455e9bc484b2b8767cc3e6875ad0
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm SHA-256: 947a1b4c50899e5f00ee1f6d987782f299f8bdb25e67dcb5a0849c1222702b5d
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm SHA-256: a1ab062f87c7ee7a16b0ab874894e464e03b33d879ecbf14a4b04634d7259e47
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm SHA-256: a1ab062f87c7ee7a16b0ab874894e464e03b33d879ecbf14a4b04634d7259e47
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm SHA-256: b5ddce5c1eec19427cbe9fde29e34eb1fb51ae7245c96dc7cbb2bb1390489b16
i386
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm SHA-256: 117010addaaedd5a14451e67b862f7085e4f0a47a0216a5ab02f86fb05f6eea3
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm SHA-256: f62d58e2dcace4b0b205177917b9e4113b26e2ad9cfa7f7cbd0e22b90aa0f5c8
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm SHA-256: 05682b29ddd0c3b08ec5a48e9811c059980f7a9bf761ee4aa5e44063f93768be
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm SHA-256: e3e7c88dbc266f7e440bc39687f9b0929156516318693e4c06a7a1508c81cda3
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm SHA-256: b174322b26092b344f63efac1f36ee85477ea9631209b648cc02c9dc62662ec1
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm SHA-256: 14dbac4758c3092bbf3f44684cd4f6e09c3825154c34273e1b7d2f0ebc0a8257
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm SHA-256: f48ff8ed28b91c387d797e1180ec33514ae444280b15b00a7da720dc87cc30db
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm SHA-256: f48ff8ed28b91c387d797e1180ec33514ae444280b15b00a7da720dc87cc30db
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm SHA-256: 32bae54e2c0c4eb507f518b55fdb7fae653020eb6f71e7bad86d96fd715d93e8

Red Hat Enterprise Linux Desktop 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
x86_64
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2d7066358507decd2123f89c451437ce92f504f12fa5aedadd89fbd1c3dee306
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2487fe20ed26f6416cb03aee424c44efcb4e4ab3857b72861480dc10409f9618
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm SHA-256: d13bf5590c91dc9376ec206d7434431558d8eb8c8f3b971ba591f95ee7f6db48
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm SHA-256: be6de7cc1992e486984705709e89cffaacca1132c571f5ae3be9cdf309397a8f
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm SHA-256: 58e62aeb4a64a3720c331686f47e0def66d6455e9bc484b2b8767cc3e6875ad0
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm SHA-256: 947a1b4c50899e5f00ee1f6d987782f299f8bdb25e67dcb5a0849c1222702b5d
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm SHA-256: a1ab062f87c7ee7a16b0ab874894e464e03b33d879ecbf14a4b04634d7259e47
i386
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm SHA-256: 117010addaaedd5a14451e67b862f7085e4f0a47a0216a5ab02f86fb05f6eea3
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm SHA-256: f62d58e2dcace4b0b205177917b9e4113b26e2ad9cfa7f7cbd0e22b90aa0f5c8
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm SHA-256: 05682b29ddd0c3b08ec5a48e9811c059980f7a9bf761ee4aa5e44063f93768be
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm SHA-256: e3e7c88dbc266f7e440bc39687f9b0929156516318693e4c06a7a1508c81cda3
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm SHA-256: b174322b26092b344f63efac1f36ee85477ea9631209b648cc02c9dc62662ec1
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm SHA-256: 14dbac4758c3092bbf3f44684cd4f6e09c3825154c34273e1b7d2f0ebc0a8257
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm SHA-256: f48ff8ed28b91c387d797e1180ec33514ae444280b15b00a7da720dc87cc30db

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
s390x
xorg-x11-server-Xephyr-1.1.1-48.90.el5.s390x.rpm SHA-256: ccec0aafa5e2f4359ffaba64491079aec7df5ec12521ac1d38a821a4c7c594f0
xorg-x11-server-Xnest-1.1.1-48.90.el5.s390x.rpm SHA-256: fb757b7b56d89f6530faa7b4c45170c1fec7c4d6c5028a811201144b3c7c169b
xorg-x11-server-Xvfb-1.1.1-48.90.el5.s390x.rpm SHA-256: 1b2f6d53d94f933a9b5bfed96370511063497d0cd08ab4c62416e73dcbad3fb4
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.s390x.rpm SHA-256: 0c12001e79554d0f96c67f30155b8bab898860773aa569d5f2699a1339e1394f
xorg-x11-server-debuginfo-1.1.1-48.90.el5.s390x.rpm SHA-256: eecc2095c0f4b1557c9c9351e31f8ae459e9d3fd6d2ef2a47119f6a259fc5a5a

Red Hat Enterprise Linux for Power, big endian 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
ppc
xorg-x11-server-Xdmx-1.1.1-48.90.el5.ppc.rpm SHA-256: 930657080c577bea9d186ae1b8bd352b279aa81f0908961244246c381e5226d3
xorg-x11-server-Xephyr-1.1.1-48.90.el5.ppc.rpm SHA-256: 51c43218351569a87af514fac212208541a52f62b9a3775c585a278566a05f7a
xorg-x11-server-Xnest-1.1.1-48.90.el5.ppc.rpm SHA-256: c7bef50334697a1bffbd0165c9d887de785998d7ee27101ddc378cadf2bc0f30
xorg-x11-server-Xorg-1.1.1-48.90.el5.ppc.rpm SHA-256: 0360a420af04cd094a1616173b3b3c54c294fe6614b88d8a56a4cbf1916a09a7
xorg-x11-server-Xvfb-1.1.1-48.90.el5.ppc.rpm SHA-256: 493f179115b42a310f36a1657b9282476cf93a6539312c170b5d8ce3238596ce
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.ppc.rpm SHA-256: b58032b6cca46960cf0c8c1fa94fd0fad13f5afb34db5e5b003dd72b8470a946
xorg-x11-server-debuginfo-1.1.1-48.90.el5.ppc.rpm SHA-256: 4b18f433ec41865c083f1a483f88d9344f1cc1d8256618e7eb62cab15e1b16c2
xorg-x11-server-sdk-1.1.1-48.90.el5.ppc.rpm SHA-256: 83aaa14970a3e786ec517bb84db0f5ef72a35efb364a501be6d7814021f5d710

Red Hat Enterprise Linux Server from RHUI 5

SRPM
xorg-x11-server-1.1.1-48.90.el5.src.rpm SHA-256: 2e2bd6bb5236f757ecc4603dd8b103d57d9113bf7e7583fd5cf955fdecc5f330
x86_64
xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2d7066358507decd2123f89c451437ce92f504f12fa5aedadd89fbd1c3dee306
xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm SHA-256: 2487fe20ed26f6416cb03aee424c44efcb4e4ab3857b72861480dc10409f9618
xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm SHA-256: d13bf5590c91dc9376ec206d7434431558d8eb8c8f3b971ba591f95ee7f6db48
xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm SHA-256: be6de7cc1992e486984705709e89cffaacca1132c571f5ae3be9cdf309397a8f
xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm SHA-256: 58e62aeb4a64a3720c331686f47e0def66d6455e9bc484b2b8767cc3e6875ad0
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm SHA-256: 947a1b4c50899e5f00ee1f6d987782f299f8bdb25e67dcb5a0849c1222702b5d
xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm SHA-256: a1ab062f87c7ee7a16b0ab874894e464e03b33d879ecbf14a4b04634d7259e47
xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm SHA-256: b5ddce5c1eec19427cbe9fde29e34eb1fb51ae7245c96dc7cbb2bb1390489b16
i386
xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm SHA-256: 117010addaaedd5a14451e67b862f7085e4f0a47a0216a5ab02f86fb05f6eea3
xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm SHA-256: f62d58e2dcace4b0b205177917b9e4113b26e2ad9cfa7f7cbd0e22b90aa0f5c8
xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm SHA-256: 05682b29ddd0c3b08ec5a48e9811c059980f7a9bf761ee4aa5e44063f93768be
xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm SHA-256: e3e7c88dbc266f7e440bc39687f9b0929156516318693e4c06a7a1508c81cda3
xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm SHA-256: b174322b26092b344f63efac1f36ee85477ea9631209b648cc02c9dc62662ec1
xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm SHA-256: 14dbac4758c3092bbf3f44684cd4f6e09c3825154c34273e1b7d2f0ebc0a8257
xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm SHA-256: f48ff8ed28b91c387d797e1180ec33514ae444280b15b00a7da720dc87cc30db
xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm SHA-256: 32bae54e2c0c4eb507f518b55fdb7fae653020eb6f71e7bad86d96fd715d93e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.