LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2013-109-01: xorg-server: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New xorg-server packages are available for Slackware 13.37, 14.0, and -current to fix a security issue. [More Info...]
[slackware-security]  xorg-server (SSA:2013-109-01)

New xorg-server packages are available for Slackware 13.37, 14.0, and -current
to fix a security issue.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.12.4-i486-1_slack14.0.txz:  Upgraded.
  This update fixes an input flush bug with evdev.  Under exceptional
  conditions (keyboard input during device hotplugging), this could leak
  a small amount of information intended for the X server.
  This issue was evaluated to be of low impact.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
    http://lists.x.org/archives/xorg-devel/2013-April/036014.html
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz:  Upgraded.
patches/packages/xorg-server-xnest-1.12.4-i486-1_slack14.0.txz:  Upgraded.
patches/packages/xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-2_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-2_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-2_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-1_slack14.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.13.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.13.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.13.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.13.4-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.13.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.13.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.13.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.13.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.37 packages:
f9fb8302617c3adbe6b990f69b50ea41  xorg-server-1.9.5-i486-2_slack13.37.txz
e0e6633d916062a0ff5d6399e8ee37dc  xorg-server-xephyr-1.9.5-i486-2_slack13.37.txz
a2ad861a624d7c023b15ad6d1619f006  xorg-server-xnest-1.9.5-i486-2_slack13.37.txz
2fe18a301cb3347bac78b5566539e4ca  xorg-server-xvfb-1.9.5-i486-2_slack13.37.txz

Slackware x86_64 13.37 packages:
1dd0651df7a8fe40dce1036cbe811e31  xorg-server-1.9.5-x86_64-2_slack13.37.txz
80d02ea8a865deddcf93151d9da7f52b  xorg-server-xephyr-1.9.5-x86_64-2_slack13.37.txz
9de55c8b950f8a09e3a22eebf8a6ce7f  xorg-server-xnest-1.9.5-x86_64-2_slack13.37.txz
3df6413ba79b5c4068ce1bdb0b9d86c8  xorg-server-xvfb-1.9.5-x86_64-2_slack13.37.txz

Slackware 14.0 packages:
f6051eb053f3cf3b97324d74af408e3e  xorg-server-1.12.4-i486-1_slack14.0.txz
8d3b5a4458277050a2e3013f6e4875fe  xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz
7adecd324f0fc4f5528a0d72d7c9fca8  xorg-server-xnest-1.12.4-i486-1_slack14.0.txz
ccf8cae6dfdad7a928415242a57391b1  xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
5a999e26b7c286ae4515035d68e82b19  xorg-server-1.12.4-x86_64-1_slack14.0.txz
6b33ee07cd8888165aa30e1a15fb9b75  xorg-server-xephyr-1.12.4-x86_64-1_slack14.0.txz
aa2917f89f0a199cc4fd4dd085094a5c  xorg-server-xnest-1.12.4-x86_64-1_slack14.0.txz
a1d2ca5a38f2c7a910277ed1005abce0  xorg-server-xvfb-1.12.4-x86_64-1_slack14.0.txz

Slackware -current packages:
c269e97968334d26ac0fa5f45fe25ac5  x/xorg-server-1.13.4-i486-1.txz
29f0e8a979a1fc68c141db19b26f9708  x/xorg-server-xephyr-1.13.4-i486-1.txz
1224479b75d3ff1c09d1d6c05e0dfe9c  x/xorg-server-xnest-1.13.4-i486-1.txz
78ac6ada62c02737a9351832a5729da1  x/xorg-server-xvfb-1.13.4-i486-1.txz

Slackware x86_64 -current packages:
99127697f8f70d96d7c7d8db3d01cc8a  x/xorg-server-1.13.4-x86_64-1.txz
519c1ac7a59489baa8512e5a945cd672  x/xorg-server-xephyr-1.13.4-x86_64-1.txz
490bac5b05c3552961e976bcee6c875a  x/xorg-server-xnest-1.13.4-x86_64-1.txz
5035d8299a7a63be00be8ec2e6d2bc7c  x/xorg-server-xvfb-1.13.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-1.12.4-i486-1_slack14.0.txz xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz xorg-server-xnest-1.12.4-i486-1_slack14.0.txz xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.