xorg security update

2013-12-20T12:23:37
ID CESA-2013:1868
Type centos
Reporter CentOS Project
Modified 2013-12-20T13:43:30

Description

CentOS Errata and Security Advisory CESA-2013:1868

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-6424)

All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-December/020090.html http://lists.centos.org/pipermail/centos-announce/2013-December/020093.html

Affected packages: xorg-x11-server xorg-x11-server-Xdmx xorg-x11-server-Xephyr xorg-x11-server-Xnest xorg-x11-server-Xorg xorg-x11-server-Xvfb xorg-x11-server-Xvnc-source xorg-x11-server-common xorg-x11-server-devel xorg-x11-server-sdk xorg-x11-server-source

Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-1868.html