Upstream information

CVE-2013-4509 at MITRE

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

SUSE Bugzilla entry: 847718 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • ibus-chewing >= 1.4.10.1-2.25
  • ibus-pinyin >= 1.5.0-2.13
Patchnames:
SUSE Linux Enterprise Desktop 12 GA ibus-chewing
SUSE Linux Enterprise Desktop 12 SP1
  • ibus-chewing >= 1.4.10.1-2.25
  • ibus-pinyin >= 1.5.0-2.13
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA ibus-chewing
SUSE Linux Enterprise Desktop 12 SP2
  • ibus-chewing >= 1.4.14-4.11
  • ibus-pinyin >= 1.5.0-7.10
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA ibus-chewing
SUSE Linux Enterprise Desktop 12 SP3
  • ibus-chewing >= 1.4.14-4.11
  • ibus-pinyin >= 1.5.0-11.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA ibus-chewing
SUSE Linux Enterprise Server 12
  • ibus-chewing >= 1.4.10.1-2.25
  • ibus-pinyin >= 1.5.0-2.9
Patchnames:
SUSE Linux Enterprise Server 12 GA ibus-chewing
SUSE Linux Enterprise Server 12 SP1
  • ibus-chewing >= 1.4.10.1-2.25
  • ibus-pinyin >= 1.5.0-2.13
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA ibus-chewing
SUSE Linux Enterprise Server 12 SP2
  • ibus-chewing >= 1.4.14-4.11
  • ibus-pinyin >= 1.5.0-7.10
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA ibus-chewing
SUSE Linux Enterprise Server 12 SP3
  • ibus-chewing >= 1.4.14-4.11
  • ibus-pinyin >= 1.5.0-11.2
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA ibus-chewing
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • ibus-chewing >= 1.4.14-4.11
  • ibus-pinyin >= 1.5.0-7.10
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA ibus-chewing
openSUSE 13.1
  • ibus >= 1.5.4-4.1
  • ibus-branding-openSUSE-KDE >= 1.5.4-4.1
  • ibus-chewing >= 1.4.3-4.4.1
  • ibus-chewing-debuginfo >= 1.4.3-4.4.1
  • ibus-debuginfo >= 1.5.4-4.1
  • ibus-debugsource >= 1.5.4-4.1
  • ibus-devel >= 1.5.4-4.1
  • ibus-gtk >= 1.5.4-4.1
  • ibus-gtk-32bit >= 1.5.4-4.1
  • ibus-gtk-debuginfo >= 1.5.4-4.1
  • ibus-gtk-debuginfo-32bit >= 1.5.4-4.1
  • ibus-gtk3 >= 1.5.4-4.1
  • ibus-gtk3-32bit >= 1.5.4-4.1
  • ibus-gtk3-debuginfo >= 1.5.4-4.1
  • ibus-gtk3-debuginfo-32bit >= 1.5.4-4.1
  • ibus-lang >= 1.5.4-4.1
  • ibus-pinyin >= 1.5.0-3.6.1
  • ibus-pinyin-debuginfo >= 1.5.0-3.6.1
  • ibus-pinyin-debugsource >= 1.5.0-3.6.1
  • libibus-1_0-5 >= 1.5.4-4.1
  • libibus-1_0-5-32bit >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo-32bit >= 1.5.4-4.1
  • python-ibus >= 1.5.4-4.1
  • typelib-1_0-IBus-1_0 >= 1.5.4-4.1
Patchnames:
openSUSE-2013-850
openSUSE-2013-939
openSUSE-2014-40
openSUSE Leap 42.1
  • ibus-chewing >= 1.4.14-1.1
  • ibus-pinyin >= 1.5.0-9.2
Patchnames:
openSUSE Leap 42.1 GA ibus-chewing
openSUSE Leap 42.2
  • ibus-chewing >= 1.4.14-2.3
  • ibus-pinyin >= 1.5.0-12.3
Patchnames:
openSUSE Leap 42.2 GA ibus-chewing
openSUSE Leap 42.3
  • ibus-chewing >= 1.4.14-4.2
  • ibus-pinyin >= 1.5.0-15.1
Patchnames:
openSUSE Leap 42.3 GA ibus-chewing
openSUSE Tumbleweed
  • ibus-chewing >= 1.4.14-1.5
  • ibus-pinyin >= 1.5.0-12.2
Patchnames:
openSUSE Tumbleweed GA ibus-chewing