Ubuntu 12.04 LTS / 12.10 / 13.04 : xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities (USN-1990-1)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Pedro Ribeiro discovered that the X.Org X server incorrectly handled
memory operations when handling ImageText requests. An attacker could
use this issue to cause X.Org to crash, or to possibly execute
arbitrary code. (CVE-2013-4396)

It was discovered that non-root X.Org X servers such as Xephyr
incorrectly used cached xkb files. A local attacker could use this
flaw to cause an xkb cache file to be loaded by another user, resulting
in a denial of service. (CVE-2013-1056)

Solution :

Update the affected xserver-xorg-core, xserver-xorg-core-lts-quantal
and / or xserver-xorg-core-lts-raring packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 70492

Bugtraq ID: 62892

CVE ID: CVE-2013-1056
CVE-2013-4396