
Security: Two problems in X.Org
Name: Two problems in X.Org
ID: USN-1990-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Date: Thu, 17 October 2013, 22:46
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise4
https://launchpad.net/ubuntu/+source/xorg-server-lts-raring/2:1.13.3-0ubuntu6~precise3
Applications: X11

Original message

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

==========================================================================
Ubuntu Security Notice USN-1990-1
October 17, 2013

xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

The X.Org X server could be made to crash or run programs as an
administrator if it received specially crafted input.

Software Description:
- xorg-server: X.Org X11 server
- xorg-server-lts-quantal: X.Org X11 server
- xorg-server-lts-raring: X.Org X11 server

Details:

Pedro Ribeiro discovered that the X.Org X server incorrectly handled
memory operations when handling ImageText requests. An attacker could use
this issue to cause X.Org to crash, or to possibly execute arbitrary code.
(CVE-2013-4396)

It was discovered that non-root X.Org X servers such as Xephyr incorrectly
used cached xkb files. A local attacker could use this flaw to cause an xkb
cache file to be loaded by another user, resulting in a denial of service.
(CVE-2013-1056)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
xserver-xorg-core 2:1.13.3-0ubuntu6.2

Ubuntu 12.10:
xserver-xorg-core 2:1.13.0-0ubuntu6.4

Ubuntu 12.04 LTS:
xserver-xorg-core 2:1.11.4-0ubuntu10.14
xserver-xorg-core-lts-quantal 2:1.13.0-0ubuntu6.1~precise4
xserver-xorg-core-lts-raring 2:1.13.3-0ubuntu6~precise3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1990-1
CVE-2013-1056, CVE-2013-4396

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.3-0ubuntu6.2
https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.4
https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.14

https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise4

https://launchpad.net/ubuntu/+source/xorg-server-lts-raring/2:1.13.3-0ubuntu6~precise3



--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
