Wednesday, April 17, 2013

[USN-1803-1] X.Org X server vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRbxTcAAoJEFHb3FjMVZVzbSAP/0rVoZ7KJv7akqUaauhpqKoV
Nhi+mAiVeM7sn8hVeB2UcEHA4MD2VwXNrrb/lAD0Bqq4dVchnA20Ek7520PVDGNm
YLFb/ng320CZUvHsSppqG4lwk8K/0yyI++gXtWM6ls/qiDs2ieQBXt8rOOtywMn0
Iu19eXU3fc4KsgEjknt9WPM6LRc8V3FlpJ0qVuH+xZXX/pME5zn1gTCinZg0jEDn
bzLf7l8yIAoRLhCXrRFILzkSOhl/+rtF8AAatrcuE3mbK2b7zwPTldf77SaubImd
3T8GyRYky6BcI0AXkvXo/Z6WxLFM09fy4iGlBgg1ZF78dQ3LcFK4zSg3Al9Ox1SR
rGuxvdA2MguaFrZzLJ0rJESEnhTATDSwxnJNCTf404q9ykqOsJ5wns0m7x+3w8oc
YYXcukHM4wUZAfcLdJZsrGKI8HDjgUWvNAq0DkWcsHQV8BUP9PJWroQ5JPCUUQx9
Sq51Lox1/eaLg/zNDqPWVDFpj45hzh0D1damdo7JesRwB6+iFtl6oFN05Cww1XcK
F9Hrx7PPd3lgEdqdAV0ssztsevLnqY3+zsjaXYPbRLIWPchbRO7VYWHrTV9FxPwX
qX3qpLm/XDzKkBbFMJ4RppLzwKpFaJEuIgH+By3LFTvWrEIgDrYg1ZDGUMlCi6bY
Xt2A7lUX/dQ7vzla8tMU
=223u
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1803-1
April 17, 2013

xorg-server, xorg-server-lts-quantal vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

The X server could be made to reveal keystrokes of other users.

Software Description:
- xorg-server: X.Org X server
- xorg-server-lts-quantal: X.Org X server

Details:

It was discovered that the X.Org X server did not properly clear input
events in certain circumstances. A local attacker with physical access
could use this flaw to capture keystrokes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
xserver-xorg-core 2:1.13.0-0ubuntu6.2

Ubuntu 12.04 LTS:
xserver-xorg-core 2:1.11.4-0ubuntu10.13
xserver-xorg-core-lts-quantal 2:1.13.0-0ubuntu6.1~precise3

Ubuntu 11.10:
xserver-xorg-core 2:1.10.4-1ubuntu4.5

Ubuntu 10.04 LTS:
xserver-xorg-core 2:1.7.6-2ubuntu7.12

After a standard system update you need to restart your session to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1803-1
CVE-2013-1940

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.2
https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.13

https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise3
https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.4-1ubuntu4.5
https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.12

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)