Description
Security update for xorg-x11-libs
xorg-x11-libs was patched to fix the following security issues:
Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html .
Security Issues references:
Package list
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP3
References
- Link for SUSE-SU-2015:0674-1
- E-Mail link for SUSE-SU-2015:0674-1
- SUSE Security Ratings
- SUSE Bug 815451
- SUSE Bug 821663
- SUSE Bug 854915
- SUSE Bug 857544
- SUSE Bug 921978
- SUSE CVE CVE-2013-1984 page
- SUSE CVE CVE-2013-1985 page
- SUSE CVE CVE-2013-1986 page
- SUSE CVE CVE-2013-1988 page
- SUSE CVE CVE-2013-1990 page
- SUSE CVE CVE-2013-1991 page
- SUSE CVE CVE-2013-1992 page
- SUSE CVE CVE-2013-1995 page
- SUSE CVE CVE-2013-1996 page
- SUSE CVE CVE-2013-1998 page
- SUSE CVE CVE-2013-1999 page
- SUSE CVE CVE-2013-2000 page
Description
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
Affected products
References
- CVE-2013-1984
- SUSE Bug 815451
- SUSE Bug 821663
Description
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
Affected products
References
- CVE-2013-1985
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
Affected products
References
- CVE-2013-1986
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
Affected products
References
- CVE-2013-1988
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
Affected products
References
- CVE-2013-1990
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.
Affected products
References
- CVE-2013-1991
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
Affected products
References
- CVE-2013-1992
- SUSE Bug 815451
- SUSE Bug 821663
Description
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
Affected products
References
- CVE-2013-1995
- SUSE Bug 815451
- SUSE Bug 821663
Description
X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.
Affected products
References
- CVE-2013-1996
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
Affected products
References
- CVE-2013-1998
- SUSE Bug 815451
- SUSE Bug 821663
Description
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.
Affected products
References
- CVE-2013-1999
- SUSE Bug 815451
- SUSE Bug 821663
Description
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
Affected products
References
- CVE-2013-2000
- SUSE Bug 815451
- SUSE Bug 821663
Description
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
Affected products
References
- CVE-2013-2001
- SUSE Bug 815451
- SUSE Bug 821663
Description
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
Affected products
References
- CVE-2013-2003
- SUSE Bug 1065386
- SUSE Bug 815451
- SUSE Bug 821663
Description
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
Affected products
References
- CVE-2013-2063
- SUSE Bug 815451
- SUSE Bug 821663
Description
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Affected products
References
- CVE-2013-6462
- SUSE Bug 854915
- SUSE Bug 882908
Description
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Affected products
References
- CVE-2014-0209
- SUSE Bug 857544
Description
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
Affected products
References
- CVE-2014-0210
- SUSE Bug 857544
Description
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
Affected products
References
- CVE-2014-0211
- SUSE Bug 857544
Description
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
Affected products
References
- CVE-2015-1802
- SUSE Bug 921978
Description
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
Affected products
References
- CVE-2015-1803
- SUSE Bug 921978
Description
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
Affected products
References
- CVE-2015-1804
- SUSE Bug 921978