Upstream information

CVE-2013-4396 at MITRE

Description

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.5
Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 843652 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • xorg-x11-Xvnc >= 7.4-27.70.74.1
  • xorg-x11-server >= 7.4-27.70.74.1
  • xorg-x11-server-extra >= 7.4-27.70.74.1
Patchnames:
sledsp2-xorg-x11-Xvnc
SUSE Linux Enterprise Desktop 11 SP3
  • xorg-x11-Xvnc >= 7.4-27.83.2
  • xorg-x11-server >= 7.4-27.83.2
  • xorg-x11-server-extra >= 7.4-27.83.2
Patchnames:
sledsp3-xorg-x11-Xvnc
SUSE Linux Enterprise Desktop 12
  • xorg-x11-server >= 7.6_1.15.2-12.17
  • xorg-x11-server-extra >= 7.6_1.15.2-12.17
Patchnames:
SUSE Linux Enterprise Desktop 12 GA xorg-x11-server
SUSE Linux Enterprise Desktop 12 SP1
  • xorg-x11-server >= 7.6_1.15.2-36.21
  • xorg-x11-server-extra >= 7.6_1.15.2-36.21
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA xorg-x11-server
SUSE Linux Enterprise Desktop 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Desktop 12 SP3
  • xorg-x11-server >= 7.6_1.18.3-71.1
  • xorg-x11-server-extra >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA xorg-x11-server
SUSE Linux Enterprise Server 11 SP1-LTSS
  • xorg-x11-Xvnc >= 7.4-27.40.70.1
  • xorg-x11-server >= 7.4-27.40.70.1
  • xorg-x11-server-extra >= 7.4-27.40.70.1
Patchnames:
slessp1-xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP2
  • xorg-x11-Xvnc >= 7.4-27.70.74.1
  • xorg-x11-server >= 7.4-27.70.74.1
  • xorg-x11-server-extra >= 7.4-27.70.74.1
Patchnames:
slessp2-xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP3
  • xorg-x11-Xvnc >= 7.4-27.83.2
  • xorg-x11-server >= 7.4-27.83.2
  • xorg-x11-server-extra >= 7.4-27.83.2
Patchnames:
slessp3-xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP4
  • xorg-x11-Xvnc >= 7.4-27.105.1
  • xorg-x11-server >= 7.4-27.105.1
  • xorg-x11-server-extra >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 12
  • xorg-x11-server >= 7.6_1.15.2-12.17
  • xorg-x11-server-extra >= 7.6_1.15.2-12.17
Patchnames:
SUSE Linux Enterprise Server 12 GA xorg-x11-server
SUSE Linux Enterprise Server 12 SP1
  • xorg-x11-server >= 7.6_1.15.2-36.21
  • xorg-x11-server-extra >= 7.6_1.15.2-36.21
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA xorg-x11-server
SUSE Linux Enterprise Server 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Server 12 SP3
  • xorg-x11-server >= 7.6_1.18.3-71.1
  • xorg-x11-server-extra >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA xorg-x11-server
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Server for VMWare 11 SP2
  • xorg-x11-Xvnc >= 7.4-27.70.74.1
  • xorg-x11-server >= 7.4-27.70.74.1
  • xorg-x11-server-extra >= 7.4-27.70.74.1
Patchnames:
slessp2-xorg-x11-Xvnc
SUSE Linux Enterprise Server for VMWare 11 SP3
  • xorg-x11-Xvnc >= 7.4-27.83.2
  • xorg-x11-server >= 7.4-27.83.2
  • xorg-x11-server-extra >= 7.4-27.83.2
Patchnames:
slessp3-xorg-x11-Xvnc
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xorg-x11-server-sdk >= 7.4-27.70.74.1
Patchnames:
sdksp2-xorg-x11-Xvnc
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xorg-x11-server-sdk >= 7.4-27.83.2
Patchnames:
sdksp3-xorg-x11-Xvnc
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xorg-x11-server-sdk >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 12
  • xorg-x11-server-sdk >= 7.6_1.15.2-12.17
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 12 SP1
  • xorg-x11-server-sdk >= 7.6_1.15.2-36.21
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 12 SP2
  • xorg-x11-server-sdk >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 12 SP3
  • xorg-x11-server-sdk >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 11 SP3
  • xorg-x11-server-sdk >= 7.4-27.83.2
Builds
SAT Patch Nr: 8464
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • xorg-x11-Xvnc >= 7.4-27.83.2
  • xorg-x11-server >= 7.4-27.83.2
  • xorg-x11-server-extra >= 7.4-27.83.2
Builds
SAT Patch Nr: 8464
SUSE Linux Enterprise Software Development Kit 11 SP2
  • xorg-x11-server-sdk >= 7.4-27.70.74.1
Builds
SAT Patch Nr: 8463
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • xorg-x11-Xvnc >= 7.4-27.70.74.1
  • xorg-x11-server >= 7.4-27.70.74.1
  • xorg-x11-server-extra >= 7.4-27.70.74.1
Builds
SAT Patch Nr: 8463
SUSE Linux Enterprise Server 11 SP1 LTSS
  • xorg-x11-Xvnc >= 7.4-27.40.70.1
  • xorg-x11-server >= 7.4-27.40.70.1
  • xorg-x11-server-extra >= 7.4-27.40.70.1
Builds
SAT Patch Nr: 9126
openSUSE 12.3
  • xorg-x11-server >= 7.6_1.13.2-1.17.1
  • xorg-x11-server-debuginfo >= 7.6_1.13.2-1.17.1
  • xorg-x11-server-debugsource >= 7.6_1.13.2-1.17.1
  • xorg-x11-server-extra >= 7.6_1.13.2-1.17.1
  • xorg-x11-server-extra-debuginfo >= 7.6_1.13.2-1.17.1
  • xorg-x11-server-sdk >= 7.6_1.13.2-1.17.1
Patchnames:
openSUSE-2013-807
openSUSE Leap 42.1
  • xorg-x11-server >= 7.6_1.17.2-7.3
  • xorg-x11-server-extra >= 7.6_1.17.2-7.3
  • xorg-x11-server-sdk >= 7.6_1.17.2-7.3
Patchnames:
openSUSE Leap 42.1 GA xorg-x11-server
openSUSE Leap 42.2
  • xorg-x11-server >= 7.6_1.18.3-2.7
  • xorg-x11-server-extra >= 7.6_1.18.3-2.7
  • xorg-x11-server-sdk >= 7.6_1.18.3-2.7
Patchnames:
openSUSE Leap 42.2 GA xorg-x11-server
openSUSE Leap 42.3
  • xorg-x11-server >= 7.6_1.18.3-17.1
  • xorg-x11-server-extra >= 7.6_1.18.3-17.1
  • xorg-x11-server-sdk >= 7.6_1.18.3-17.1
Patchnames:
openSUSE Leap 42.3 GA xorg-x11-server
openSUSE Tumbleweed
  • xorg-x11-server >= 7.6_1.18.4-2.1
  • xorg-x11-server-extra >= 7.6_1.18.4-2.1
  • xorg-x11-server-sdk >= 7.6_1.18.4-2.1
  • xorg-x11-server-source >= 7.6_1.18.4-2.1
  • xorg-x11-server-wayland >= 7.6_1.18.4-2.1
Patchnames:
openSUSE Tumbleweed GA xorg-x11-server


Status of this issue by product and package

Product(s) Source package State
SUSE Linux Enterprise Desktop 11 SP1 xorg-x11-server Released
SUSE Linux Enterprise Desktop 11 SP2 xorg-x11-server Released
SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-server Released
SUSE Linux Enterprise Desktop 11 SP4 xorg-x11-server Released
SUSE Linux Enterprise SDK 11 SP1 xorg-x11-server Released
SUSE Linux Enterprise SDK 11 SP2 xorg-x11-server Released
SUSE Linux Enterprise SDK 11 SP3 xorg-x11-server Released
SUSE Linux Enterprise SDK 11 SP4 xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP1 xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP1 LTSS xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP2 xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP2 LTSS xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP3 xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP3 LTSS xorg-x11-server Released
SUSE Linux Enterprise Server 11 SP4 xorg-x11-server Released
SUSE Linux Enterprise Server for SAP 11 SP2 xorg-x11-server Released
SUSE Linux Enterprise Server for SAP AIO 11 SP1 xorg-x11-server Released
SUSE Linux Enterprise Server for SAP ES 11 SP1 xorg-x11-server Released