oval:org.mitre.oval:def:25467
Definition Id: oval:org.mitre.oval:def:25467 | |||
Oval ID: | oval:org.mitre.oval:def:25467 | ||
Title: | SUSE-SU-2014:0744-1 -- Security update for xorg-x11-server | ||
Description: | This is a SLES 11 SP1 LTSS rollup update for the X.Org Server package. The following security issues have been fixed: * CVE-2013-6424: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allowed context-dependent attackers to cause a denial of service (crash) via a negative bottom value. * CVE-2013-4396: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allowed remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. * CVE-2013-1940: X.Org X server did not properly restrict access to input events when adding a new hot-plug device, which might have allowed physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0744-1 CVE-2013-6424 CVE-2013-4396 CVE-2013-1940 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | xorg-x11-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17270 | |||
Oval ID: | oval:org.mitre.oval:def:17270 | ||
Title: | SUSE Linux Enterprise Server 11.x is installed | ||
Description: | SUSE Linux Enterprise Server 11.x is installed. | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:novell:suse_linux:11::server | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:25467 |