
Test ID: 1.3.6.1.4.1.25623.1.1.4.2014.0744.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2014:0744-1)
Summary: The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the SUSE-SU-2014:0744-1 advisory.
Description:

Vulnerability Insight:
This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package.

The following security issues have been fixed:

* CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in
render/picture.h in X.Org allowed context-dependent attackers to
cause a denial of service (crash) via a negative bottom value.
* CVE-2013-4396: Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4
in X.Org X11 allowed remote authenticated users to cause a denial of
service (daemon crash) or possibly execute arbitrary code via a
crafted ImageText request that triggers memory-allocation failure.
* CVE-2013-1940: X.Org X server did not properly restrict access to
input events when adding a new hot-plug device, which might have
allowed physically proximate attackers to obtain sensitive
information, as demonstrated by reading passwords from a tty.

The following non-security issues have been fixed:

* rfbAuthReenable accessed an rfbClient structure that in most
cases had already been freed. It actually needs only the ScreenPtr,
so pass it directly. (bnc#816813)
* Memory leaks in ARGB cursor handling. (bnc#813178, bnc#813683)

Security Issues:

* CVE-2013-1940
* CVE-2013-4396
* CVE-2013-6424

Affected Software/OS:
'xorg-x11-server' package(s) on SUSE Linux Enterprise Server 11 SP1

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1940
Debian Security Information: DSA-2661
http://www.debian.org/security/2013/dsa-2661
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html
http://www.openwall.com/lists/oss-security/2013/04/18/3
SuSE Security Announcement: openSUSE-SU-2013:0878
http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html
http://www.ubuntu.com/usn/USN-1803-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4396
BugTraq ID: 62892
http://www.securityfocus.com/bid/62892
Debian Security Information: DSA-2784
http://www.debian.org/security/2013/dsa-2784
http://openwall.com/lists/oss-security/2013/10/08/6
http://lists.x.org/archives/xorg-announce/2013-October/002332.html
RedHat Security Advisories: RHSA-2013:1426
http://rhn.redhat.com/errata/RHSA-2013-1426.html
SuSE Security Announcement: openSUSE-SU-2013:1610
http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html
SuSE Security Announcement: openSUSE-SU-2013:1614
http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html
http://www.ubuntu.com/usn/USN-1990-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6424
Debian Security Information: DSA-2822
http://www.debian.org/security/2013/dsa-2822
https://security.gentoo.org/glsa/201701-64
https://security.gentoo.org/glsa/201710-30
http://www.openwall.com/lists/oss-security/2013/12/03/8
http://www.openwall.com/lists/oss-security/2013/12/04/8
http://lists.x.org/archives/xorg-devel/2013-October/037996.html
RedHat Security Advisories: RHSA-2013:1868
http://rhn.redhat.com/errata/RHSA-2013-1868.html
SuSE Security Announcement: openSUSE-SU-2013:1965
http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html
http://www.ubuntu.com/usn/USN-2500-1
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
