[El-errata] ELSA-2014-1982 Important: Oracle Linux 5 xorg-x11-server security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Dec 11 17:58:57 PST 2014


Oracle Linux Security Advisory ELSA-2014-1982

https://rhn.redhat.com/errata/RHSA-2014-1982.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
xorg-x11-server-Xdmx-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-Xnest-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-Xorg-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.0.1.el5_11.i386.rpm
xorg-x11-server-sdk-1.1.1-48.107.0.1.el5_11.i386.rpm

x86_64:
xorg-x11-server-Xdmx-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-Xnest-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-Xorg-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.0.1.el5_11.x86_64.rpm
xorg-x11-server-sdk-1.1.1-48.107.0.1.el5_11.x86_64.rpm

ia64:
xorg-x11-server-Xdmx-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-Xephyr-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-Xnest-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-Xorg-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-Xvfb-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-Xvnc-source-1.1.1-48.107.0.1.el5_11.ia64.rpm
xorg-x11-server-sdk-1.1.1-48.107.0.1.el5_11.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/xorg-x11-server-1.1.1-48.107.0.1.el5_11.src.rpm



Description of changes:

[1.1.1-48.107.0.1.el5_11]
- Added oracle-enterprise-detect.patch
- Replaced 'Red Hat' in spec file

[1.1.1-48.107]
- CVE-2014-8091 denial of service due to unchecked malloc in client
   authentication (#1168680)
- CVE-2014-8092 integer overflow in X11 core protocol requests when
   calculating memory needs for requests (#1168684)
- CVE-2014-8097 out of bounds access due to not validating length or offset
   values in DBE extension (#1168705)
- CVE-2014-8095 out of bounds access due to not validating length or offset
   values in XInput extension (#1168694)
- CVE-2014-8096 out of bounds access due to not validating length or offset
   values in XC-MISC extension (#1168700)
- CVE-2014-8099 out of bounds access due to not validating length or offset
   values in XVideo extension (#1168710)
- CVE-2014-8100 out of bounds access due to not validating length or offset
   values in Render extension (#1168711)
- CVE-2014-8102 out of bounds access due to not validating length or offset
   values in XFixes extension (#1168714)
- CVE-2014-8101 out of bounds access due to not validating length or offset
   values in RandR extension (#1168713)
- CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests
   when calculating memory needs for requests (#1168688)
- CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating
   length or offset values in GLX extension (#1168707)

[1.1.1-48.104]
- xserver-1.1.1-randr-config-timestamps.patch: Backport timestamp comparison
   fix from upstream RANDR code (#1006076)

[1.1.1-48.103]
- CVE-2013-6424: Fix OOB in trapezoid rasterization





