Novell Home

CVE-2013-4396

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4396 at MITRE

Description

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

NVD CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 843652

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP3 DEBUGINFO
  • xorg-x11-server-debuginfo >= 7.4-27.83.2
  • xorg-x11-server-debugsource >= 7.4-27.83.2
Builds
SAT Patch Nr: 8464
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xorg-x11-server-sdk >= 7.4-27.83.2
Builds
SAT Patch Nr: 8464
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • xorg-x11-Xvnc >= 7.4-27.83.2
  • xorg-x11-server >= 7.4-27.83.2
  • xorg-x11-server-extra >= 7.4-27.83.2
Builds
SAT Patch Nr: 8464
SUSE CORE 9 for AMD64 and Intel EM64T
  • XFree86 >= 4.3.99.902-43.116
  • XFree86-Mesa >= 4.3.99.902-43.116
  • XFree86-Mesa-32bit >= 9-201310241045
  • XFree86-Mesa-devel >= 4.3.99.902-43.116
  • XFree86-Mesa-devel-32bit >= 9-201310241045
  • XFree86-Xnest >= 4.3.99.902-43.116
  • XFree86-Xprt >= 4.3.99.902-43.116
  • XFree86-Xvfb >= 4.3.99.902-43.116
  • XFree86-Xvnc >= 4.3.99.902-43.116
  • XFree86-devel >= 4.3.99.902-43.116
  • XFree86-devel-32bit >= 9-201310241045
  • XFree86-doc >= 4.3.99.902-43.116
  • XFree86-driver-options >= 4.3.99.902-43.116
  • XFree86-fonts-100dpi >= 4.3.99.902-43.116
  • XFree86-fonts-75dpi >= 4.3.99.902-43.116
  • XFree86-fonts-cyrillic >= 4.3.99.902-43.116
  • XFree86-fonts-scalable >= 4.3.99.902-43.116
  • XFree86-fonts-syriac >= 4.3.99.902-43.116
  • XFree86-libs >= 4.3.99.902-43.116
  • XFree86-libs-32bit >= 9-201310241045
  • XFree86-man >= 4.3.99.902-43.116
  • XFree86-server >= 4.3.99.902-43.116
  • XFree86-server-glx >= 4.3.99.902-43.116
  • km_drm >= 4.3.99.902-43.116
Builds
YOU Patch Nr: 12979
SLE 11 SP2 DEBUGINFO
  • xorg-x11-server-debuginfo >= 7.4-27.70.74.1
  • xorg-x11-server-debugsource >= 7.4-27.70.74.1
Builds
SAT Patch Nr: 8463
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xorg-x11-server-sdk >= 7.4-27.70.74.1
Builds
SAT Patch Nr: 8463
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • xorg-x11-Xvnc >= 7.4-27.70.74.1
  • xorg-x11-server >= 7.4-27.70.74.1
  • xorg-x11-server-extra >= 7.4-27.70.74.1
Builds
SAT Patch Nr: 8463

List of products where fixes are in QA

SLE 11 SP1 DEBUGINFO
SUSE Linux Enterprise Server 11 SP1 LTSS

© 2014 Novell