Bug #1793

[v2.6] Vulnerability in xorg-server allows local information disclosure

Added by Leonardo Arena about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 04/19/2013
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940

David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,
the Xorg X server, was vulnerable to an information disclosure flaw
related to input handling and device hotplug.

When an X server is running but not in front (for example because of a VT
switch), a newly plugged input device would still be recognized and
handled by the X server, which would actually transmit input events to
its clients in the background.

This could allow an attacker to recover some input events not intended
for the X clients, including sensitive information.

Patch: http://cgit.freedesktop.org/xorg/xserver/patch/?id=6ca03b9161d33b1d2b55a3a1a913cf88deb2343f


Subtasks

Bug #1794: [v2.5] Vulnerability in xorg-server allows local information disclosure (Closed)

Bug #1795: [v2.4] Vulnerability in xorg-server allows local information disclosure (Closed)

Bug #1796: [v2.3] Vulnerability in xorg-server allows local information disclosure (Closed)

Bug #1797: [v2.2] Vulnerability in xorg-server allows local information disclosure (Closed)

History

#1 Updated by Natanael Copa about 6 years ago

  • Status changed from New to Resolved

This was fixed with 1.4.1. 32d071e8fe5e9085a4347a3d0edc7ef8a11196b8

#2 Updated by Natanael Copa about 6 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
