Upstream information

CVE-2013-2190 at MITRE

Description

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 843441 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • clutter >= 1.12.2-2.4.1
  • clutter-debugsource >= 1.12.2-2.4.1
  • clutter-devel >= 1.12.2-2.4.1
  • clutter-lang >= 1.12.2-2.4.1
  • libclutter-1_0-0 >= 1.12.2-2.4.1
  • libclutter-1_0-0-32bit >= 1.12.2-2.4.1
  • libclutter-1_0-0-debuginfo >= 1.12.2-2.4.1
  • libclutter-1_0-0-debuginfo-32bit >= 1.12.2-2.4.1
  • typelib-1_0-Clutter-1_0 >= 1.12.2-2.4.1
Patchnames:
openSUSE-2013-750