Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.
50969d2a09bdf2e48ce14b12843f678f7e90396dd3d3c735132e96cfb2be5013
Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abb
Debian Linux Security Advisory 2784-1 - Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.
82535cd588a62e5fc585f940c3816c00eb6aca566b9ff38c936e61a5a546ec92
Ubuntu Security Notice 1990-1 - Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause an xkb cache file to be loaded by another user, resulting in a denial of service. Various other issues were also addressed.
20ef9ae65651b3045515f2137dfaa94de9ff70a34ee665c2b80c0fb149236b52
Red Hat Security Advisory 2013-1426-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
d72ffb1f45e9412968049f5b566eaaed14e469d38fd22929209af914c61bb2d6
Slackware Security Advisory - New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4396.
d63fcb06cd8e5c354fdbceb85314bd6e9bee0b0da684642768e3b3bfb2dce838