Ispravljen je sigurnosni propust otkriven u radu programskog paketa Xorg-X11. Lokalni napadači su ga mogli iskoristiti za izvršavanje koda po vlastitom izboru.
Paket:
xorg-x11 6.x
Operacijski sustavi:
SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Server (SLES) 10
Kritičnost:
6.9
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2895
Izvorni ID preporuke:
SUSE-SU-2011:1035-2
Izvor:
SUSE
Problem:
Propust je uzrokovan pogreškom u datotekama fontfile/decompress.c i compress/compress.c.
Posljedica:
Napadaču omogućuje pokretanje proizvoljnog programskog koda.
Rješenje:
Korisnicima se preporuča instalacija odgovarajućih zakrpa.
SUSE Security Update: Security update for Xorg-X11
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1035-2
Rating: important
References: #709851
Cross-References: CVE-2011-2895
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following bug has been fixed:
* Specially crafted font files could have caused a
buffer overflow in applications that use libXfont to load
such files (CVE-2011-2895).
Security Issue reference:
* CVE-2011-2895
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
>
Indications:
Please install this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
xorg-x11-6.9.0-50.76.4
xorg-x11-Xnest-6.9.0-50.76.4
xorg-x11-Xvfb-6.9.0-50.76.4
xorg-x11-Xvnc-6.9.0-50.76.4
xorg-x11-devel-6.9.0-50.76.4
xorg-x11-doc-6.9.0-50.76.4
xorg-x11-fonts-100dpi-6.9.0-50.76.4
xorg-x11-fonts-75dpi-6.9.0-50.76.4
xorg-x11-fonts-cyrillic-6.9.0-50.76.4
xorg-x11-fonts-scalable-6.9.0-50.76.4
xorg-x11-fonts-syriac-6.9.0-50.76.4
xorg-x11-libs-6.9.0-50.76.4
xorg-x11-man-6.9.0-50.76.4
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64):
xorg-x11-sdk-6.9.0-50.76.4
xorg-x11-server-6.9.0-50.76.4
xorg-x11-server-glx-6.9.0-50.76.4
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
xorg-x11-devel-32bit-6.9.0-50.76.4
xorg-x11-libs-32bit-6.9.0-50.76.4
- SUSE Linux Enterprise Server 10 SP4 (ia64):
xorg-x11-libs-x86-6.9.0-50.76.4
- SUSE Linux Enterprise Server 10 SP4 (ppc):
xorg-x11-devel-64bit-6.9.0-50.76.4
xorg-x11-libs-64bit-6.9.0-50.76.4
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
xorg-x11-6.9.0-50.76.4
xorg-x11-Xnest-6.9.0-50.76.4
xorg-x11-Xvfb-6.9.0-50.76.4
xorg-x11-Xvnc-6.9.0-50.76.4
xorg-x11-devel-6.9.0-50.76.4
xorg-x11-fonts-100dpi-6.9.0-50.76.4
xorg-x11-fonts-75dpi-6.9.0-50.76.4
xorg-x11-fonts-cyrillic-6.9.0-50.76.4
xorg-x11-fonts-scalable-6.9.0-50.76.4
xorg-x11-fonts-syriac-6.9.0-50.76.4
xorg-x11-libs-6.9.0-50.76.4
xorg-x11-man-6.9.0-50.76.4
xorg-x11-server-6.9.0-50.76.4
xorg-x11-server-glx-6.9.0-50.76.4
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
xorg-x11-devel-32bit-6.9.0-50.76.4
xorg-x11-libs-32bit-6.9.0-50.76.4
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
xorg-x11-Xvfb-6.9.0-50.76.4
xorg-x11-doc-6.9.0-50.76.4
- SLE SDK 10 SP4 (i586 ia64 ppc x86_64):
xorg-x11-sdk-6.9.0-50.76.4
References:
http://support.novell.com/security/cve/CVE-2011-2895.html
https://bugzilla.novell.com/709851
http://download.novell.com/patch/finder/?keywords=1a2ab2f33ca77404c8f69d54b080bce6
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke