xdm-1.1.12-16.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11519 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xdm-1.1.12-16.3 on GA media These are all security issues fixed in the xdm-1.1.12-16.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11519 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11519 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-2179/ SUSE CVE CVE-2013-2179 page openSUSE Tumbleweed xdm-1.1.12-16.3 xdm-xsession-1.1.12-16.3 xdm-1.1.12-16.3 as a component of openSUSE Tumbleweed xdm-xsession-1.1.12-16.3 as a component of openSUSE Tumbleweed X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode. CVE-2013-2179 openSUSE Tumbleweed:xdm-1.1.12-16.3 openSUSE Tumbleweed:xdm-xsession-1.1.12-16.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2179.html CVE-2013-2179 https://bugzilla.suse.com/824884 SUSE Bug 824884