CVE-2013-4509

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4509 at MITRE

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

NVD CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)

SUSE information

SUSE Bugzilla entry: 847718

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • ibus >= 1.5.4-4.1
  • ibus-branding-openSUSE-KDE >= 1.5.4-4.1
  • ibus-chewing >= 1.4.3-4.4.1
  • ibus-chewing-debuginfo >= 1.4.3-4.4.1
  • ibus-debuginfo >= 1.5.4-4.1
  • ibus-debugsource >= 1.5.4-4.1
  • ibus-devel >= 1.5.4-4.1
  • ibus-gtk >= 1.5.4-4.1
  • ibus-gtk-32bit >= 1.5.4-4.1
  • ibus-gtk-debuginfo >= 1.5.4-4.1
  • ibus-gtk-debuginfo-32bit >= 1.5.4-4.1
  • ibus-gtk3 >= 1.5.4-4.1
  • ibus-gtk3-32bit >= 1.5.4-4.1
  • ibus-gtk3-debuginfo >= 1.5.4-4.1
  • ibus-gtk3-debuginfo-32bit >= 1.5.4-4.1
  • ibus-lang >= 1.5.4-4.1
  • ibus-pinyin >= 1.5.0-3.6.1
  • ibus-pinyin-debuginfo >= 1.5.0-3.6.1
  • ibus-pinyin-debugsource >= 1.5.0-3.6.1
  • libibus-1_0-5 >= 1.5.4-4.1
  • libibus-1_0-5-32bit >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo-32bit >= 1.5.4-4.1
  • python-ibus >= 1.5.4-4.1
  • typelib-1_0-IBus-1_0 >= 1.5.4-4.1
Patchnames:
openSUSE-2013-850
openSUSE-2013-939
openSUSE-2014-40