ID CVE-2013-4396
Summary Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
References
Vulnerable Configurations
  • X.Org X11 R6.0
    cpe:2.3:a:x:x.org_x11:6.0
  • X.Org X11 R6.1
    cpe:2.3:a:x:x.org_x11:6.1
  • X.Org X11 R6.3
    cpe:2.3:a:x:x.org_x11:6.3
  • X.Org X11 R6.4
    cpe:2.3:a:x:x.org_x11:6.4
  • X.Org X11 R6.5.1
    cpe:2.3:a:x:x.org_x11:6.5.1
  • X.Org X11 R6.6
    cpe:2.3:a:x:x.org_x11:6.6
  • X.Org X11 R6.7
    cpe:2.3:a:x:x.org_x11:6.7
  • X.Org X11 R6.8
    cpe:2.3:a:x:x.org_x11:6.8
  • X.Org X11 R6.8.1
    cpe:2.3:a:x:x.org_x11:6.8.1
  • X.Org X11 R6.8.2
    cpe:2.3:a:x:x.org_x11:6.8.2
  • X.Org X11 R6.9.0
    cpe:2.3:a:x:x.org_x11:6.9.0
  • X.Org X11 R7.0
    cpe:2.3:a:x:x.org_x11:7.0
  • X.Org X11 R7.1
    cpe:2.3:a:x:x.org_x11:7.1
  • X.Org X11 R7.2
    cpe:2.3:a:x:x.org_x11:7.2
  • X.Org X11 R7.3
    cpe:2.3:a:x:x.org_x11:7.3
  • X.Org X11 R7.4
    cpe:2.3:a:x:x.org_x11:7.4
  • X.Org X11 R7.5
    cpe:2.3:a:x:x.org_x11:7.5
  • X.Org X11 R7.5 release candidate 1
    cpe:2.3:a:x:x.org_x11:7.5:rc1
  • X.Org X11 R7.6
    cpe:2.3:a:x:x.org_x11:7.6
  • X.Org X11 R7.6 release candidate 1
    cpe:2.3:a:x:x.org_x11:7.6:rc1
  • X.Org X11 R7.7
    cpe:2.3:a:x:x.org_x11:7.7
  • X.Org X11 R7.7 release candidate 1
    cpe:2.3:a:x:x.org_x11:7.7:rc1
CVSS
Base: 6.5 (as of 09-10-2013 - 20:14)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1990-1.NASL
    description Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396) It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. (CVE-2013-1056). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 70492
    published 2013-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70492
    title Ubuntu 12.04 LTS / 12.10 / 13.04 : xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities (USN-1990-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV52184.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-01-22
    plugin id 72067
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72067
    title AIX 6.1 TL 8 : xorg (IV52184)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV52185.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-01-22
    plugin id 72068
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72068
    title AIX 7.1 TL 1 : xorg (IV52185)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-234.NASL
    description A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 70896
    published 2013-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70896
    title Amazon Linux AMI : xorg-x11-server (ALAS-2013-234)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-07 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 74028
    published 2014-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74028
    title GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2784.NASL
    description Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70548
    published 2013-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70548
    title Debian DSA-2784-1 : xorg-server - use-after-free
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9A57C6073CAB11E3B4D9BCAEC565249C.NASL
    description Alan Coopersmith reports : Pedro Ribeiro (pedrib at gmail.com) reported an issue to the X.Org security team in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 70595
    published 2013-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70595
    title FreeBSD : xorg-server -- use-after-free (9a57c607-3cab-11e3-b4d9-bcaec565249c)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1426.NASL
    description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70451
    published 2013-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70451
    title RHEL 5 / 6 : xorg-x11-server (RHSA-2013:1426)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV52181.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-01-22
    plugin id 72066
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72066
    title AIX 6.1 TL 7 : xorg (IV52181)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV53331.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-01-22
    plugin id 72070
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72070
    title AIX 5.3 TL 12 : xorg (IV53331)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-259.NASL
    description Updated x11-server packages fix security vulnerability : Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure (CVE-2013-4396).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 70679
    published 2013-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70679
    title Mandriva Linux Security Advisory : x11-server (MDVSA-2013:259)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV52978.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-02-05
    plugin id 72287
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72287
    title AIX 6.1 TL 9 : xorg (IV52978)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-XVNC-131022.NASL
    description xorg-x11-server was updated to fix the following security issue : - Fixed a security issue in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) A non-security issue was also fixed : - rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813)
    last seen 2019-02-21
    modified 2013-11-19
    plugin id 70961
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70961
    title SuSE 11.2 / 11.3 Security Update : xorg-x11-server (SAT Patch Numbers 8463 / 8464)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-287-05.NASL
    description New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2013-10-15
    plugin id 70441
    published 2013-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70441
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : xorg-server (SSA:2013-287-05)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-807.NASL
    description Fixes the following security issue : - an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) and the following bug was fixed too : - rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75179
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75179
    title openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1610-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_XORG_20141014.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. (CVE-2013-4396)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80821
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80821
    title Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131015_XORG_X11_SERVER_ON_SL5_X.NASL
    description A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Users of proprietary drivers may need to reinstall the driver after applying this update. Some users have reported the inability to load X without reloading the nVidia or the ATI drivers. You can use 'yum reinstall' to easily reload drivers packaged in RPM format. RPMs for many common drivers can be found at the ELRepo Project. You can easily add the ELRepo Project's repository to your system with 'yum install yum-conf-elrepo' on SL 6 systems. Any issues with ELRepo packages should be directed to their mailing lists. After installing the update, X must be restarted for the changes to take full effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70468
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70468
    title Scientific Linux Security Update : xorg-x11-server on SL5.x, SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1426.NASL
    description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70464
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70464
    title CentOS 5 / 6 : xorg-x11-server (CESA-2013:1426)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1426.NASL
    description From Red Hat Security Advisory 2013:1426 : Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70450
    published 2013-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70450
    title Oracle Linux 5 / 6 : xorg-x11-server (ELSA-2013-1426)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV53246.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-02-05
    plugin id 72288
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72288
    title AIX 7.1 TL 3 : xorg (IV53246)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV52186.NASL
    description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
    last seen 2019-02-21
    modified 2014-01-22
    plugin id 72069
    published 2014-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72069
    title AIX 7.1 TL 2 : xorg (IV52186)
redhat via4
advisories
bugzilla
id 1014561
title CVE-2013-4396 xorg-x11-server: use-after-free flaw when handling ImageText requests
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426011
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359014
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426017
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359018
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426013
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359012
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426005
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359020
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426009
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359010
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426015
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359006
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426007
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359016
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426019
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426030
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127003
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426022
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127011
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426028
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127013
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426032
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127007
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426034
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127009
      • AND
        • comment xorg-x11-server-Xvnc-source is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426026
        • comment xorg-x11-server-Xvnc-source is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100382007
      • AND
        • comment xorg-x11-server-sdk is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426024
        • comment xorg-x11-server-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127005
rhsa
id RHSA-2013:1426
released 2013-10-15
severity Important
title RHSA-2013:1426: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xephyr-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xnest-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xorg-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xvfb-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-common-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-devel-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-source-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xdmx-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xephyr-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xnest-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xorg-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xvfb-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xvnc-source-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-sdk-0:1.1.1-48.101.el5_10.1
refmap via4
bid 62892
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1014561
debian DSA-2784
mlist
  • [oss-security] 20131008 Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
  • [xorg-announce] 20131008 X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
suse
  • openSUSE-SU-2013:1610
  • openSUSE-SU-2013:1614
ubuntu USN-1990-1
Last major update 28-11-2016 - 14:09
Published 10-10-2013 - 06:55