Bug 29132 - xorg-server: DoS/Information Disclosure (3.1)
xorg-server: DoS/Information Disclosure (3.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 2.4
Other Linux
: P4 normal (vote)
: UCS 3.2
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
: interim-3
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-09 15:38 CET by Moritz Muehlenhoff
Modified: 2013-11-19 06:43 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2012-11-09 15:38:11 CET
+++ This bug was initially created as a clone of Bug #25583 +++

\item In der Render-Erweiterung wurden mehrere Kommandos unzureichend
bereinigt. Das erlaubt Denial of Service oder das Auslesen von Speicher
(CVE-2010-4819)
Comment 1 Moritz Muehlenhoff univentionstaff 2013-05-03 15:06:33 CEST
CVE-2013-1940

David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,
the Xorg X server was vulnerable to an information disclosure flaw
related to input handling and devices hotplug.

When an X server is running but not on front (for example because of a VT
switch), a newly plugged input device would still be recognized and
handled by the X server, which would actually transmit input events to
its clients on the background.

This could allow an attacker to recover some input events not intended
for the X clients, including sensitive information.
Comment 2 Moritz Muehlenhoff univentionstaff 2013-07-30 15:43:53 CEST
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #25583 +++
> 
> \item In der Render-Erweiterung wurden mehrere Kommandos unzureichend
> bereinigt. Das erlaubt Denial of Service oder das Auslesen von Speicher
> (CVE-2010-4819)

This has already been fixed in 3.0-1 with the import of 2:1.7.7-14
Comment 3 Moritz Muehlenhoff univentionstaff 2013-08-05 14:32:32 CEST
Fixed in 3.2 through the import of Debian 6.0.8.

The QA should ideally be made by the same person as for Bug 31956.
Comment 4 Janek Walkenhorst univentionstaff 2013-10-21 12:18:53 CEST
(In reply to Moritz Muehlenhoff from comment #2)
> This has already been fixed in 3.0-1 with the import of 2:1.7.7-14
Correct

(In reply to Moritz Muehlenhoff from comment #3)
> Fixed in 3.2 through the import of Debian 6.0.8.
Correct
Comment 5 Stefan Gohmann univentionstaff 2013-11-19 06:43:34 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".