xorg-x11-server-1.13.0-23.1.0.1.AXS4

エラータID: AXSA:2014-075:01

Release date: 
Tuesday, March 18, 2014 - 20:25
Subject: 
xorg-x11-server-1.13.0-23.1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

X.Org X11 X server

Security issues fixed with this release:

• CVE-2013-1940
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

• CVE-2013-6424
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Fixed bug :

• Fixed the aspect ratio when using a tablet in relative mode: the horizontal and vertical movement ratio of the cursor did not match the ratio of the stylus.

• When the Xephyr X server was made resizable with a previous update, the resize functionality was not on by default. This has been fixed and X sandboxes are now resizable.

• The X Access Control Extension (XACE) replaces the X Security extension (XC-SECURITY) in Asianux Server 4. However, XACE does not have all the functionalities of XC-SECURITY so XC-SECURITY is enabled again in the xorg-x11-server spec file.

• An error in the upstream code disabled the GLX extension in Xvfb, preventing headless 3D applications from working correctly. This has been fixed.

Solution: 

Update packages.

CVEs: 
CVE-2013-1940
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
CVE-2013-1940
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.13.0-23.1.0.1.AXS4.src.rpm
    MD5: 87372791cf5ddb4f3d99ee68042ed3ab
    SHA-256: 2067e51a0f5d1a0aeedf15d91351a0e40fbf4a2e2130e30a7a73ba3850f2c91e
    Size: 5.28 MB

Asianux Server 4 for x86
  1. xorg-x11-server-common-1.13.0-23.1.0.1.AXS4.i686.rpm
    MD5: eb85f322ad2d8a38e2d2ba7e85e27f2b
    SHA-256: 2f46b9a23317c792d7049ea82129fdafa28008f04555ec66bc0629805074887f
    Size: 36.83 kB
  2. xorg-x11-server-Xephyr-1.13.0-23.1.0.1.AXS4.i686.rpm
    MD5: 8d146aac116a16e391d730f425c71f51
    SHA-256: 02f7b76c555ca3b9dccbde9c7aea0b13b0c064d5ce0ddb8be99d81d448923300
    Size: 865.34 kB
  3. xorg-x11-server-Xorg-1.13.0-23.1.0.1.AXS4.i686.rpm
    MD5: b9602169a930ea61cda3460de6000e9b
    SHA-256: 2de7a83ee0e925fb9c34da1368eaacd61d095f4f6ac14eaaee4c84c1499b8328
    Size: 1.26 MB

Asianux Server 4 for x86_64
  1. xorg-x11-server-common-1.13.0-23.1.0.1.AXS4.x86_64.rpm
    MD5: 50fed0ea23bf7c25751137eb08ba10af
    SHA-256: b8545d5a3b081c1253bc98852f5ce55c38f288e029c612d017fc642976cc29a3
    Size: 36.41 kB
  2. xorg-x11-server-Xephyr-1.13.0-23.1.0.1.AXS4.x86_64.rpm
    MD5: a243aa28cf5708b0f1b8df39f8df640f
    SHA-256: 0779c756398f4902ed1e8c713d73d789b615583ea0eff62d66d72fb4039ef988
    Size: 862.56 kB
  3. xorg-x11-server-Xorg-1.13.0-23.1.0.1.AXS4.x86_64.rpm
    MD5: 5bc1eee5e7c9564e1a82385681e6d0c2
    SHA-256: 7659f9338f80405df6e86ee970fe777caf2407284923a395b777a240e4cb033e
    Size: 1.27 MB