CVE-2013-2190
First published: Mon Jul 01 2013(Updated: )
A security flaw was found in the way Clutter, an open source software library for creating rich graphical user interfaces, used to manage translation of hierarchy events in certain circumstances (when underlying device disappeared, causing XIQueryDevice query to throw an error). Physically proximate attackers could use this flaw for example to obtain unauthorized access to gnome-shell session right after system resume (due to gnome-shell crash). Upstream bug: [1] <a href="https://bugzilla.gnome.org/show_bug.cgi?id=701974">https://bugzilla.gnome.org/show_bug.cgi?id=701974</a> References: [2] <a href="http://www.openwall.com/lists/oss-security/2013/06/18/7">http://www.openwall.com/lists/oss-security/2013/06/18/7</a> [3] <a href="http://www.openwall.com/lists/oss-security/2013/06/19/1">http://www.openwall.com/lists/oss-security/2013/06/19/1</a> Relevant upstream patch: [4] <a href="https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e">https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e</a> (against clutter v1.14) [5] <a href="https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab">https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab</a> (against clutter v1.16)
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libclutter-1.0-0 | ||
| SUSE Linux | =12.2 | |
| SUSE Linux | =12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html
- http://www.openwall.com/lists/oss-security/2013/06/19/1
- https://bugzilla.gnome.org/show_bug.cgi?id=701974
- https://bugzilla.redhat.com/show_bug.cgi?id=980111
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab
- http://www.openwall.com/lists/oss-security/2013/06/18/7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=980116
Frequently Asked Questions
What is the severity of CVE-2013-2190?
CVE-2013-2190 is rated as a moderate severity vulnerability due to potential impact on system stability and user interface behavior.
How do I fix CVE-2013-2190?
To fix CVE-2013-2190, update Clutter to a version that applies the necessary security patches or consider applying workarounds if available.
What systems are affected by CVE-2013-2190?
CVE-2013-2190 affects Clutter and specifically the openSUSE versions 12.2 and 12.3.
What type of vulnerability is CVE-2013-2190?
CVE-2013-2190 is a security flaw in the Clutter library related to event handling during device disappearance.
Is there any data loss associated with CVE-2013-2190?
CVE-2013-2190 does not directly indicate a risk of data loss, but it may affect user interface responsiveness and system usability.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2190
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/clutter project
- canonical/libclutter-1.0-0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/12.2
- version/suse linux/12.3