CVE-2013-4396

Related Files

Mandriva Linux Security Advisory 2013-260

Posted Oct 28, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability

systems | linux, mandriva

advisories | CVE-2010-1166, CVE-2011-4028, CVE-2013-1940, CVE-2013-4396

SHA-256 | 50969d2a09bdf2e48ce14b12843f678f7e90396dd3d3c735132e96cfb2be5013

Download | Favorite | View

Mandriva Linux Security Advisory 2013-259

Posted Oct 28, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

tags | advisory, remote, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2013-4396

SHA-256 | d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abb

Download | Favorite | View

Debian Security Advisory 2784-1

Posted Oct 22, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2784-1 - Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2013-4396

SHA-256 | 82535cd588a62e5fc585f940c3816c00eb6aca566b9ff38c936e61a5a546ec92

Download | Favorite | View

Ubuntu Security Notice USN-1990-1

Posted Oct 17, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1990-1 - Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, root

systems | linux, ubuntu

advisories | CVE-2013-4396, CVE-2013-1056, CVE-2013-1056, CVE-2013-4396

SHA-256 | 20ef9ae65651b3045515f2137dfaa94de9ff70a34ee665c2b80c0fb149236b52

Download | Favorite | View

Red Hat Security Advisory 2013-1426-01

Posted Oct 16, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1426-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.

tags | advisory, arbitrary, root

systems | linux, redhat

advisories | CVE-2013-4396

SHA-256 | d72ffb1f45e9412968049f5b566eaaed14e469d38fd22929209af914c61bb2d6

Download | Favorite | View

Slackware Security Advisory - xorg-server Updates

Posted Oct 16, 2013

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4396.

tags | advisory

systems | linux, slackware

advisories | CVE-2013-4396

SHA-256 | d63fcb06cd8e5c354fdbceb85314bd6e9bee0b0da684642768e3b3bfb2dce838

Download | Favorite | View