Advisories » MGASA-2013-0317

Updated x11-server packages fix CVE-2013-4396

Publication date: 25 Oct 2013
Modification date: 25 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4396

Description

Updated x11-server packages fix security vulnerability:

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in
the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated
users to cause a denial of service (daemon crash) or possibly execute arbitrary
code via a crafted ImageText request that triggers memory-allocation failure
(CVE-2013-4396).
                

References

• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4396
• http://lists.x.org/archives/xorg-announce/2013-October/002332.html
• https://rhn.redhat.com/errata/RHSA-2013-1426.html
• https://bugs.mageia.org/show_bug.cgi?id=11428
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396

SRPMS

2/core

• x11-server-1.11.4-2.4.mga2

3/core

• x11-server-1.13.4-2.2.mga3