
Bug 497836 (CVE-2013-1056)

Summary: <x11-base/xorg-server-1.13.4: Denial of Service (CVE-2013-1056)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: x11
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2014-01-11 22:42:55 UTC
CVE-2013-1056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1056):
  X.org X server 1.13.3 and earlier, when not run as root, allows local users
  to cause a denial of service (crash) or possibly gain privileges via vectors
  involving cached xkb files.
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-01-12 11:41:11 UTC
No package in tree is affected by this; the oldest xorg-server ebuild in tree where suid is optional is 1.13.4-r1. Older versions always run as root.
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-01-30 19:38:18 UTC
Added to existing GLSA draft
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-05-15 12:18:57 UTC
This issue was resolved and addressed in
 GLSA 201405-07 at http://security.gentoo.org/glsa/glsa-201405-07.xml
by GLSA coordinator Mikle Kolyada (Zlogene).