Gentoo: GLSA-201405-07: X.Org X Server: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details.
Resolution
All X.Org X Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.14.3-r2"
References
[ 1 ] CVE-2013-1056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1056 [ 2 ] CVE-2013-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1940 [ 3 ] CVE-2013-1981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1981 [ 4 ] CVE-2013-1982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1982 [ 5 ] CVE-2013-1983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1983 [ 6 ] CVE-2013-1984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1984 [ 7 ] CVE-2013-1985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1985 [ 8 ] CVE-2013-1986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1986 [ 9 ] CVE-2013-1987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1987 [ 10 ] CVE-2013-1988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1988 [ 11 ] CVE-2013-1989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1989 [ 12 ] CVE-2013-1990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1990 [ 13 ] CVE-2013-1991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1991 [ 14 ] CVE-2013-1992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1992 [ 15 ] CVE-2013-1993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1993 [ 16 ] CVE-2013-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1994 [ 17 ] CVE-2013-1995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1995 [ 18 ] CVE-2013-1996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1996 [ 19 ] CVE-2013-1997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1997 [ 20 ] CVE-2013-1998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1998 [ 21 ] CVE-2013-1999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1999 [ 22 ] CVE-2013-2000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2000 [ 23 ] CVE-2013-2001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2001 [ 24 ] CVE-2013-2002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2002 [ 25 ] CVE-2013-2003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2003 [ 26 ] CVE-2013-2004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2004 [ 27 ] CVE-2013-2005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2005 [ 28 ] CVE-2013-2062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2062 [ 29 ] CVE-2013-2063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2063 [ 30 ] CVE-2013-2064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2064 [ 31 ] CVE-2013-2066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2066 [ 32 ] CVE-2013-4396 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4396
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201405-07
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition.
Background
The X Window System is a graphical windowing system based on a client/server model.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 x11-base/xorg-server < 1.14.3-r2 >= 1.14.3-r2
Impact
===== A context-dependent attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.
