
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2014:0744-1)
Summary: The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the SUSE-SU-2014:0744-1 advisory.

Vulnerability Insight:
This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package.

The following security issues have been fixed:

* CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in
render/picture.h in X.Org allowed context-dependent attackers to
cause a denial of service (crash) via a negative bottom value.
* CVE-2013-4396: Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4
in X.Org X11 allowed remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
crafted ImageText request that triggers memory-allocation failure.
* CVE-2013-1940: X.Org X server did not properly restrict access to
input events when adding a new hot-plug device, which might have
allowed physically proximate attackers to obtain sensitive
information, as demonstrated by reading passwords from a tty.

The following non-security issues have been fixed:

* rfbAuthReenable is accessing rfbClient structure that was in most
cases already freed. It actually needs only ScreenPtr, so pass it
directly. (bnc#816813)
* Memory leaks in ARGB cursor handling. (bnc#813178, bnc#813683)

Security Issues:

* CVE-2013-1940
* CVE-2013-4396
* CVE-2013-6424

Affected Software/OS:
'xorg-x11-server' package(s) on SUSE Linux Enterprise Server 11 SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1940
Debian Security Information: DSA-2661
SuSE Security Announcement: openSUSE-SU-2013:0878
Common Vulnerability Exposure (CVE) ID: CVE-2013-4396
BugTraq ID: 62892
Debian Security Information: DSA-2784
RedHat Security Advisories: RHSA-2013:1426
SuSE Security Announcement: openSUSE-SU-2013:1610
SuSE Security Announcement: openSUSE-SU-2013:1614
Common Vulnerability Exposure (CVE) ID: CVE-2013-6424
Debian Security Information: DSA-2822
RedHat Security Advisories: RHSA-2013:1868
SuSE Security Announcement: openSUSE-SU-2013:1965
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.