drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in X.Org
Name: |
Zwei Probleme in X.Org |
|
ID: |
USN-1990-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Do, 17. Oktober 2013, 22:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise4
https://launchpad.net/ubuntu/+source/xorg-server-lts-raring/2:1.13.3-0ubuntu6~precise3 |
|
Applikationen: |
X11 |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0834565994681966849== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qfdR2WlTKO5hRutERK7mBKhRAaCX09HMS"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --qfdR2WlTKO5hRutERK7mBKhRAaCX09HMS Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1990-1 October 17, 2013
xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
The X.Org X server could be made to crash or run programs as an administrator if it received specially crafted input.
Software Description: - xorg-server: X.Org X11 server - xorg-server-lts-quantal: X.Org X11 server - xorg-server-lts-raring: X.Org X11 server
Details:
Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396)
It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. (CVE-2013-1056)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: xserver-xorg-core 2:1.13.3-0ubuntu6.2
Ubuntu 12.10: xserver-xorg-core 2:1.13.0-0ubuntu6.4
Ubuntu 12.04 LTS: xserver-xorg-core 2:1.11.4-0ubuntu10.14 xserver-xorg-core-lts-quantal 2:1.13.0-0ubuntu6.1~precise4 xserver-xorg-core-lts-raring 2:1.13.3-0ubuntu6~precise3
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1990-1 CVE-2013-1056, CVE-2013-4396
Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.3-0ubuntu6.2 https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.4 https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.14
https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise4
https://launchpad.net/ubuntu/+source/xorg-server-lts-raring/2:1.13.3-0ubuntu6~precise3
--qfdR2WlTKO5hRutERK7mBKhRAaCX09HMS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJSYB2YAAoJEGVp2FWnRL6TdkYQALASg16qrPm3ZqFi8n3hf0z5 3DyPyazI2PmhISuu/y2dC6rKWGKqoTN6w1mduUb2osX6DZ732KeldgSvuSJpxjHX LUjtu+WIX8hrv6hjjo2Tt9hfV6rSAL3wSMxsJWzbBKxrFJZNZ8XBxIxxrxckmHZw zhw4UtzXAS8PLDXEFjXqzTJ/t41PwV9BZuhIo6+mpTJssQJSUcCqlLpdJbBdj+g4 4xKbiW5DGgtnkfOv4dgg1PCTJHrZHSCjxBJXEserr2TBoVeBFZJ7s4+wRqNCi8BS 0EUMQNLRpeDw2y9f7pH6ymddOe2iruF+DXWJUpHsnH5VM4j9Db1kqmzrKm/hzG7n w8iWbhJYvSv0kbfvWt6Gf97B9freZPWpjQSmgIMcJ+hM2hLoikgEp/fTgIrC1qT/ 3ckOYSF85kQ5ui2uOXg7KutW7yLmHTkgOweNtmE9dZkqYnJiEm6ra7EYSCH19jTc yQ1TuPJ1MzKYCGzG3hCvXLXz64EswJtYH/ra7TkiC3VUxcSxI2DcNZI6us/u34Cd 1RcvGtHmmDQ58GUAOCAH6cLap9rEzUD+tk3pAYljrLEIdK3o4Vvcd/bEUUTH8j0Q /SbfbPtFYW8KA5176vXhbPn0E1ENYLZH28JRTgcH5no1T/yeeXIsEL3TyO6f46yd s31ngTyMrAAstXql/CUZ =oEk1 -----END PGP SIGNATURE-----
--qfdR2WlTKO5hRutERK7mBKhRAaCX09HMS--
--===============0834565994681966849== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0834565994681966849==--
|
|
|
|