1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
PublicDateAtUSN: 2013-05-23 15:00:00 UTC
Candidate: CVE-2013-2004
CRD: 2013-05-23 15:00:00 UTC
PublicDate: 2013-06-15
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
http://www.debian.org/security/2013/dsa-2693
http://www.ubuntu.com/usn/usn-1854-1
Description:
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11
1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when
processing directives to include files, which allows X servers to cause a
denial of service (stack consumption) via a crafted file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ilja van Sprundel
Assigned-to: mdeslaur
Patches_libx11:
upstream: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=236b603d235dc264d1c6250dca09c745458a9088 (1/2)
upstream: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=226622349a4b1e16064649d4444a34fb4be4f464 (2/2)
upstream_libx11: pending (1.5.99.902)
lucid_libx11: released (2:1.3.2-1ubuntu3.1)
precise_libx11: released (2:1.4.99.1-0ubuntu2.1)
quantal_libx11: released (2:1.5.0-1ubuntu0.1)
raring_libx11: released (2:1.5.0-1ubuntu1.1)
devel_libx11: released (2:1.5.0-1ubuntu2)
|