DSA-2661-1 xorg-server -- information disclosureID: oval:org.secpod.oval:def:601005 | Date: (C)2013-04-18 (M)2022-10-10 |
Class: PATCH | Family: unix |
David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the Xorg X server was vulnerable to an information disclosure flaw related to input handling and devices hotplug. When an X server is running but not on front , a newly plugged input device would still be recognized and handled by the X server, which would actually transmit input events to its clients on the background. This could allow an attacker to recover some input events not intended for the X clients, including sensitive information.
Product: |
xserver-xorg-core |