RedHat Update for xorg-x11-server RHSA-2012:0939-04

Solution
Please install the updated packages.
Insight
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)

A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029)

Red Hat would like to thank the researcher with the nickname vladz for reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860)

* Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467)

* Prior to this update, the misleading message "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor." could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704)

* Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792)

* Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did ...

Description truncated, for more information please check the Reference URL
Affected
xorg-x11-server on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)
References