Mandriva Linux Security Advisory : clutter (MDVSA-2013:255)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated clutter packages fix security vulnerability :

A security flaw was found in the way Clutter, an open source software
library for creating rich graphical user interfaces, used to manage
translation of hierarchy events in certain circumstances (when
underlying device disappeared, causing XIQueryDevice query to throw an
error). Physically proximate attackers could use this flaw for example
to obtain unauthorized access to gnome-shell session right after
system resume (due to gnome-shell crash) (CVE-2013-2190).

See also :

http://advisories.mageia.org/MGASA-2013-0312.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 70522 ()

Bugtraq ID: 60593

CVE ID: CVE-2013-2190

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now