Mageia Bugzilla – Bug 9790
x11-server new security issue CVE-2013-1940
Last modified: 2013-05-09 12:37:54 CEST
Debian and Ubuntu have issued advisories on April 17:
Thomas Backlund fixed it in Cauldron yesterday with x11-server-1.13.4-1.mga3.
Patched package uploaded for Mageia 2.
Patch added in Mageia 1 SVN.
Updated x11-server packages fix security vulnerability:
It was discovered that the X.Org X server did not properly clear input
events in certain circumstances. A local attacker with physical access
could use this flaw to capture keystrokes (CVE-2013-1940).
Updated packages in core/updates_testing:
Testing MGA2-32. Unable to reproduce bug under switch conditions with KDE. The PoC used GNOME, which won't allow user switching without GDM as display manager.
Tested general use, all OK. Tried switching again, still no pw in the text editor of first account.
Testing complete mga2 64
All ttys still ok, syslog still on tty12, KDM/KDE ok. Rebooted ok.
Advisory & srpm in comment 0
Could sysadmin please push from core/updates_testing to core/updates?