CVE-2013-2190
First published: Mon Jul 01 2013(Updated: )
A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances (when underlying device disappeared, causing XIQueryDevice query to throw an error). Physically proximate attackers could use this flaw for example to obtain unauthorized access to gnome-shell session right after system resume (due to gnome-shell crash). Upstream bug: [1] <a href="https://bugzilla.gnome.org/show_bug.cgi?id=701974">https://bugzilla.gnome.org/show_bug.cgi?id=701974</a> References: [2] <a href="http://www.openwall.com/lists/oss-security/2013/06/18/7">http://www.openwall.com/lists/oss-security/2013/06/18/7</a> [3] <a href="http://www.openwall.com/lists/oss-security/2013/06/19/1">http://www.openwall.com/lists/oss-security/2013/06/19/1</a> Relevant upstream patch: [4] <a href="https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e">https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e</a> (against clutter v1.14) [5] <a href="https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab">https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab</a> (against clutter v1.16)
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clutter Project Clutter | ||
| openSUSE openSUSE | =12.2 | |
| openSUSE openSUSE | =12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html
- http://www.openwall.com/lists/oss-security/2013/06/19/1
- https://bugzilla.gnome.org/show_bug.cgi?id=701974
- https://bugzilla.redhat.com/show_bug.cgi?id=980111
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab
- http://www.openwall.com/lists/oss-security/2013/06/18/7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=980116
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2190
- agent/trending
- agent/tags
- agent/source
- vendor/clutter project
- canonical/clutter project clutter
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/12.2
- version/opensuse opensuse/12.3