CentOS Errata and Security Advisory CESA-2013:1868
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
An integer overflow, which led to a heap-based buffer overflow, was found
in the way X.Org server handled trapezoids. A malicious, authorized client
could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with root privileges. (CVE-2013-6424)
All xorg-x11-server users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-December/082252.html
https://lists.centos.org/pipermail/centos-announce/2013-December/082255.html
Affected packages:
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-Xvnc-source
xorg-x11-server-common
xorg-x11-server-devel
xorg-x11-server-sdk
xorg-x11-server-source
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1868