xorg security update

ID: CESA-2013:0502
Type: centos
Reporter: CentOS Project
Modified: 2013-03-09T00:44:11


CentOS Errata and Security Advisory CESA-2013:0502

The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System.

It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-controlled directory would cause arbitrary code execution with the privileges of the user running x11perfcomp. (CVE-2011-2504)

Also with this update, the xorg-x11-utils and xorg-x11-server-utils packages have been upgraded to upstream version 7.5, and the xorg-x11-apps package to upstream version 7.6, which provides a number of bug fixes and enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
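
A PATH that includes the current working directory, as described for x11perfcomp above, can be detected mechanically in a script's or user's environment. The following is an added example, not code from the advisory or from x11perfcomp; the function name path_cwd_entries and the sample PATH values are constructed for illustration.

```shell
#!/bin/sh
# Report PATH entries that the shell resolves against the current working
# directory: ".", any other relative entry, and zero-length entries (a leading,
# trailing or doubled colon), which POSIX shells treat as the current directory.
#
# Usage: path_cwd_entries "$PATH"
# Prints one "<position>:<entry>" line per unsafe entry.
# Returns 0 if every entry is absolute, 1 otherwise.
# The body runs in a subshell "( ... )" so its variables do not leak.
path_cwd_entries() (
    rest="${1}:"      # trailing colon so the last entry is processed too
    idx=0
    found=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"   # text before the first colon
        rest="${rest#*:}"     # text after the first colon
        idx=$((idx + 1))
        case "$entry" in
            "") printf '%d:<empty>\n' "$idx"; found=1 ;;
            /*) ;;                                   # absolute entry: fine
            *)  printf '%d:%s\n' "$idx" "$entry"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ]
)

# Constructed sample values (not taken from the advisory).
for sample in "/usr/bin:/bin" "/usr/bin:.:/bin" "/usr/local/bin::/usr/bin" "bin:/usr/bin:"; do
    printf 'PATH=%s\n' "$sample"
    if path_cwd_entries "$sample"; then
        printf '  all entries are absolute\n'
    fi
done
```

Calling path_cwd_entries "$PATH" at the top of a script, or in a login-profile check, shows whether commands would be looked up in whatever directory the user happens to be in.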

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2013-March/031591.html
http://lists.centos.org/pipermail/centos-announce/2013-March/031642.html
http://lists.centos.org/pipermail/centos-announce/2013-March/031644.html
http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006946.html
http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006997.html
http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006999.html

Affected packages: xorg-x11-apps, xorg-x11-server-utils, xorg-x11-utils

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0502.html