Advisories » MGASA-2013-0312

Updated clutter packages fix CVE-2013-2190

Publication date: 17 Oct 2013
Modification date: 17 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2190

Description

Updated clutter packages fix security vulnerability:

A security flaw was found in the way Clutter, an open source software library
for creating rich graphical user interfaces, used to manage translation of
hierarchy events in certain circumstances (when underlying device disappeared,
causing XIQueryDevice query to throw an error). Physically proximate attackers
could use this flaw for example to obtain unauthorized access to gnome-shell
session right after system resume (due to gnome-shell crash) (CVE-2013-2190).
                

References

• http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html
• https://bugs.mageia.org/show_bug.cgi?id=11448
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2190

SRPMS

3/core

• clutter-1.12.2-2.1.mga3

2/core

• clutter-1.10.8-1.1.mga2