LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

X.Org: many, many vulnerabilities

Package(s):X.Org CVE #(s):CVE-2013-1981 CVE-2013-1982 CVE-2013-1983 CVE-2013-1984 CVE-2013-1985 CVE-2013-2062 CVE-2013-1986 CVE-2013-1987 CVE-2013-1988 CVE-2013-2063 CVE-2013-1989 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-2064 CVE-2013-1993 CVE-2013-1994 CVE-2013-1995 CVE-2013-1996 CVE-2013-1997 CVE-2013-1998 CVE-2013-2066 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2002 CVE-2013-1981 CVE-2013-2003 CVE-2013-2004 CVE-2013-2005
Created:May 23, 2013 Updated:July 18, 2013
Description: X.Org has disclosed a long list of vulnerabilities that have been fixed in the X Window System client libraries; most of them expose clients to attacks by a hostile server. "Most of the time X clients & servers are run by the same user, with the server more privileged from the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges." See the advisory for details.
Alerts:
Debian DSA-2673-1 2013-05-23
Debian DSA-2675-1 2013-05-23
Debian DSA-2674-1 2013-05-23
Debian DSA-2676-1 2013-05-23
Debian DSA-2677-1 2013-05-23
Debian DSA-2678-1 2013-05-23
Debian DSA-2679-1 2013-05-23
Debian DSA-2680-1 2013-05-23
Debian DSA-2681-1 2013-05-23
Debian DSA-2682-1 2013-05-23
Debian DSA-2683-1 2013-05-23
Debian DSA-2684-1 2013-05-23
Debian DSA-2685-1 2013-05-23
Debian DSA-2686-1 2013-05-23
Debian DSA-2687-1 2013-05-23
Debian DSA-2688-1 2013-05-23
Debian DSA-2689-1 2013-05-23
Debian DSA-2690-1 2013-05-23
Debian DSA-2691-1 2013-05-23
Debian DSA-2692-1 2013-05-23
Debian DSA-2675-2 2013-05-24
Debian DSA-2693-1 2013-05-24
Fedora FEDORA-2013-9151 2013-05-28
Fedora FEDORA-2013-9114 2013-06-02
Fedora FEDORA-2013-9138 2013-06-02
Fedora FEDORA-2013-9162 2013-06-03
Fedora FEDORA-2013-9107 2013-06-03
Fedora FEDORA-2013-9166 2013-06-03
Fedora FEDORA-2013-9141 2013-06-03
Fedora FEDORA-2013-9108 2013-06-03
Fedora FEDORA-2013-9117 2013-06-03
Fedora FEDORA-2013-9120 2013-06-03
Fedora FEDORA-2013-9137 2013-06-03
Fedora FEDORA-2013-9135 2013-06-03
Fedora FEDORA-2013-9115 2013-06-03
Fedora FEDORA-2013-9140 2013-06-03
Red Hat RHSA-2013:0897-01 2013-06-03
Red Hat RHSA-2013:0898-01 2013-06-03
Scientific Linux SL-mesa-20130603 2013-06-03
Scientific Linux SL-mesa-20130603 2013-06-03
CentOS CESA-2013:0897 2013-06-03
CentOS CESA-2013:0898 2013-06-03
Oracle ELSA-2013-0897 2013-06-03
Oracle ELSA-2013-0898 2013-06-03
Fedora FEDORA-2013-9156 2013-06-06
Fedora FEDORA-2013-9147 2013-06-06
Fedora FEDORA-2013-9146 2013-06-06
Fedora FEDORA-2013-9155 2013-06-06
Fedora FEDORA-2013-9188 2013-06-06
Fedora FEDORA-2013-9177 2013-06-06
openSUSE openSUSE-SU-2013:0865-1 2013-06-06
Ubuntu USN-1852-1 2013-06-05
Ubuntu USN-1853-1 2013-06-05
Ubuntu USN-1854-1 2013-06-05
Ubuntu USN-1855-1 2013-06-05
Ubuntu USN-1856-1 2013-06-05
Ubuntu USN-1857-1 2013-06-05
Ubuntu USN-1858-1 2013-06-05
Ubuntu USN-1860-1 2013-06-05
Ubuntu USN-1861-1 2013-06-05
Ubuntu USN-1862-1 2013-06-05
Ubuntu USN-1863-1 2013-06-05
Ubuntu USN-1864-1 2013-06-05
Ubuntu USN-1865-1 2013-06-05
Ubuntu USN-1866-1 2013-06-05
Ubuntu USN-1867-1 2013-06-05
Ubuntu USN-1868-1 2013-06-05
Ubuntu USN-1869-1 2013-06-05
Ubuntu USN-1870-1 2013-06-05
Ubuntu USN-1859-1 2013-06-05
Ubuntu USN-1871-1 2013-06-10
openSUSE openSUSE-SU-2013:1007-1 2013-06-14
openSUSE openSUSE-SU-2013:1009-1 2013-06-14
openSUSE openSUSE-SU-2013:1014-1 2013-06-14
openSUSE openSUSE-SU-2013:1008-1 2013-06-14
openSUSE openSUSE-SU-2013:1010-1 2013-06-14
openSUSE openSUSE-SU-2013:1025-1 2013-06-17
openSUSE openSUSE-SU-2013:1026-1 2013-06-17
openSUSE openSUSE-SU-2013:1027-1 2013-06-17
openSUSE openSUSE-SU-2013:1028-1 2013-06-17
openSUSE openSUSE-SU-2013:1029-1 2013-06-17
openSUSE openSUSE-SU-2013:1030-1 2013-06-17
openSUSE openSUSE-SU-2013:1031-1 2013-06-17
openSUSE openSUSE-SU-2013:1032-1 2013-06-17
openSUSE openSUSE-SU-2013:1033-1 2013-06-17
openSUSE openSUSE-SU-2013:1034-1 2013-06-17
openSUSE openSUSE-SU-2013:1041-1 2013-06-19
openSUSE openSUSE-SU-2013:1046-1 2013-06-19
openSUSE openSUSE-SU-2013:1047-1 2013-06-19
openSUSE openSUSE-SU-2013:1011-1 2013-06-14
Ubuntu USN-1888-1 2013-06-20
Mageia MGASA-2013-0186 2013-06-26
Mageia MGASA-2013-0190 2013-06-26
Mandriva MDVSA-2013:182 2013-06-27
Mandriva MDVSA-2013:181 2013-06-27
Fedora FEDORA-2013-11734 2013-07-08
Fedora FEDORA-2013-12083 2013-07-11
Fedora FEDORA-2013-12593 2013-07-18
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds