Gentoo Archives: gentoo-announce

From: Mikle Kolyada <zlogene@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201405-07 ] X.Org X Server: Multiple vulnerabilities
Date: Thu, 15 May 2014 12:15:09
Message-Id: 5374B077.5030701@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201405-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: X.Org X Server: Multiple vulnerabilities
Date: May 15, 2014
Bugs: #466222, #471098, #487360, #497836
ID: 201405-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in X.Org X Server, allowing
attackers to execute arbitrary code or cause a Denial of Service
condition.

Background
==========

The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-server       < 1.14.3-r2              >= 1.14.3-r2

Description
===========

Multiple vulnerabilities have been discovered in X.Org X Server. Please
review the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker could execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X Server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.14.3-r2"

References
==========

[ 1 ] CVE-2013-1056
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1056
[ 2 ] CVE-2013-1940
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1940
[ 3 ] CVE-2013-1981
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1981
[ 4 ] CVE-2013-1982
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1982
[ 5 ] CVE-2013-1983
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1983
[ 6 ] CVE-2013-1984
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1984
[ 7 ] CVE-2013-1985
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1985
[ 8 ] CVE-2013-1986
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1986
[ 9 ] CVE-2013-1987
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1987
[ 10 ] CVE-2013-1988
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1988
[ 11 ] CVE-2013-1989
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1989
[ 12 ] CVE-2013-1990
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1990
[ 13 ] CVE-2013-1991
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1991
[ 14 ] CVE-2013-1992
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1992
[ 15 ] CVE-2013-1993
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1993
[ 16 ] CVE-2013-1994
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1994
[ 17 ] CVE-2013-1995
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1995
[ 18 ] CVE-2013-1996
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1996
[ 19 ] CVE-2013-1997
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1997
[ 20 ] CVE-2013-1998
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1998
[ 21 ] CVE-2013-1999
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1999
[ 22 ] CVE-2013-2000
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2000
[ 23 ] CVE-2013-2001
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2001
[ 24 ] CVE-2013-2002
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2002
[ 25 ] CVE-2013-2003
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2003
[ 26 ] CVE-2013-2004
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2004
[ 27 ] CVE-2013-2005
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2005
[ 28 ] CVE-2013-2062
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2062
[ 29 ] CVE-2013-2063
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2063
[ 30 ] CVE-2013-2064
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2064
[ 31 ] CVE-2013-2066
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2066
[ 32 ] CVE-2013-4396
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4396

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201405-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
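
A check for the affected range in the "Affected packages" table, added here as an example and not part of the advisory: it compares a version string against the first unaffected version, 1.14.3-r2, treating a missing revision as -r0. The names `ver_cmp`, `is_vulnerable` and `FIXED` are hypothetical, and the sample versions are constructed.

```sh
#!/bin/sh
# Added example, not part of GLSA 201405-07. Supports dotted numeric versions
# with an optional -rN revision; other Gentoo suffixes (_rc, _p, ...) are
# rejected, and Gentoo's leading-zero rule is not modelled.

FIXED="1.14.3-r2"   # first unaffected x11-base/xorg-server version per the advisory

# ver_cmp A B: print -1, 0 or 1 when A is older than, equal to or newer than B.
ver_cmp() {
    a=${1%-r*}; b=${2%-r*}; ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    case "$a.$ar.$b.$br" in
        .*|*..*|*[!0-9.]*) echo "unsupported version: $1 / $2" >&2; return 2 ;;
    esac
    while [ -n "$a" ] && [ -n "$b" ]; do
        ap=${a%%.*}; bp=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "$ap" -lt "$bp" ]; then echo -1; return 0; fi
        if [ "$ap" -gt "$bp" ]; then echo 1; return 0; fi
    done
    # Equal so far: the version with extra components is the newer one.
    if [ -n "$b" ]; then echo -1; return 0; fi
    if [ -n "$a" ]; then echo 1; return 0; fi
    # Same base version: a missing revision counts as -r0.
    if [ "$ar" -lt "$br" ]; then echo -1; return 0; fi
    if [ "$ar" -gt "$br" ]; then echo 1; return 0; fi
    echo 0
}

# is_vulnerable VERSION: status 0 if VERSION < FIXED, 1 if not, 2 if unparseable.
is_vulnerable() {
    r=$(ver_cmp "$1" "$FIXED") || return 2
    [ "$r" = "-1" ]
}

# Constructed sample versions; a real check reads the installed version instead.
for v in 1.9.5-r3 1.14.3 1.14.3-r1 1.14.3-r2 1.15.0; do
    if is_vulnerable "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
```

On a Gentoo host, `glsa-check -t 201405-07` from app-portage/gentoolkit runs the equivalent test against the installed package database.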
