---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: SUSE update for xorg-x11 and XFree86 SECUNIA ADVISORY ID: SA30715 VERIFY ADVISORY: http://secunia.com/advisories/30715/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS WHERE: Local system OPERATING SYSTEM: openSUSE 10.2 http://secunia.com/product/13375/ openSUSE 10.3 http://secunia.com/product/16124/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SOFTWARE: Novell Open Enterprise Server 1.x http://secunia.com/product/4664/ DESCRIPTION: SUSE has issued an update for xorg-x11 and XFree86. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions and by malicious local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. For more information: SA30627 The security issue is caused due to Compiz potentially grabbing the input focus. This can be exploited to bypass and disable the screen locking feature. SOLUTION: Apply updated packages. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-Xvnc-7.1-91.3.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-7.2-143.13.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-extra-7.2-143.13.i586.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-server-sdk-7.2-143.13.i586.rpm openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-7.2-30.15.i586.rpm ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-sdk-7.2-30.15.i586.rpm Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-Xvnc-7.1-91.3.ppc.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-server-7.2-143.13.ppc.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-server-extra-7.2-143.13.ppc.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-server-sdk-7.2-143.13.ppc.rpm openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-server-7.2-30.15.ppc.rpm ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-server-sdk-7.2-30.15.ppc.rpm x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-Xvnc-7.1-91.3.x86_64.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-server-7.2-143.13.x86_64.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-server-extra-7.2-143.13.x86_64.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-server-sdk-7.2-143.13.x86_64.rpm openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-server-7.2-30.15.x86_64.rpm ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-server-sdk-7.2-30.15.x86_64.rpm Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xorg-x11-Xvnc-7.1-91.3.src.rpm http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xorg-x11-server-7.2-143.13.src.rpm openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/xorg-x11-server-7.2-30.15.src.rpm SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html SUSE Linux Enterprise Server 10 SP2 http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html SLE SDK 10 SP2 http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/365f4578a5d4944409898142a04ad8db.html http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html SUSE Linux Enterprise Desktop 10 SP2 http://support.novell.com/techcenter/psdb/dafe815cdb6284ae29e4d625d49fd383.html Open Enterprise Server http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/5dc3845aa1a191befe81a3f246c6d3aa.html http://support.novell.com/techcenter/psdb/f1d6c99d6205780cd2ffac2d4f799210.html ORIGINAL ADVISORY: http://www.novell.com/linux/security/advisories/2008_27_xorg.html OTHER REFERENCES: SA30627: http://secunia.com/advisories/30627/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------