Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 497836 (CVE-2013-1056) - <x11-base/xorg-server-1.13.4: Denial of Service (CVE-2013-1056)
Summary: <x11-base/xorg-server-1.13.4: Denial of Service (CVE-2013-1056)
Status: RESOLVED FIXED
Alias: CVE-2013-1056
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-11 22:42 UTC by GLSAMaker/CVETool Bot
Modified: 2014-05-15 12:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2014-01-11 22:42:55 UTC
CVE-2013-1056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1056):
  X.org X server 1.13.3 and earlier, when not run as root, allows local users
  to cause a denial of service (crash) or possibly gain privileges via vectors
  involving cached xkb files.
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-01-12 11:41:11 UTC
No package in tree is affected by this, the oldest xorg-server ebuild in tree where suid is optional is 1.13.4-r1. Older versions always run as root.
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-01-30 19:38:18 UTC
Added to existing GLSA draft
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-05-15 12:18:57 UTC
This issue was resolved and addressed in
 GLSA 201405-07 at http://security.gentoo.org/glsa/glsa-201405-07.xml
by GLSA coordinator Mikle Kolyada (Zlogene).