X.Org Server
This package contains the X.Org Server.
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Evergreen:11.2:Test/xorg-x11-server && cd $_
- Create Badge
Refresh
Refresh
Source Files
Revision 2 (latest revision is 5)
Fixes for two vulnerabilities in X server announced in http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html CVE-2011-4028: File disclosure vulnerability: It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file. CVE-2011-4029: File permission change vulnerability: It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes. Removed unused patches 165-167 to make "osc commit" stop complaining.
Comments 0