Description
Security update for X Window System client libraries
This update for the X Window System client libraries fixes a class of privilege escalation issues.
A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries.
libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically:
libX11:
- CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991)
libXfixes:
- CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995)
libXi:
- CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998)
libXtst:
- CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012)
libXv:
- CVE-2016-5407: insufficient validation of data from the X server can cause out-of-bounds memory access and memory corruption (bsc#1003017)
libXvMC:
- CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023)
libXrender:
- CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002)
libXrandr:
- CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
References
- Link for SUSE-SU-2016:2828-1
- E-Mail link for SUSE-SU-2016:2828-1
- SUSE Security Ratings
- SUSE Bug 1002991
- SUSE Bug 1002995
- SUSE Bug 1002998
- SUSE Bug 1003000
- SUSE Bug 1003002
- SUSE Bug 1003012
- SUSE Bug 1003017
- SUSE Bug 1003023
- SUSE CVE CVE-2016-5407 page
- SUSE CVE CVE-2016-7942 page
- SUSE CVE CVE-2016-7944 page
- SUSE CVE CVE-2016-7945 page
- SUSE CVE CVE-2016-7946 page
- SUSE CVE CVE-2016-7947 page
- SUSE CVE CVE-2016-7948 page
- SUSE CVE CVE-2016-7949 page
- SUSE CVE CVE-2016-7950 page
Description
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
Affected products
References
- CVE-2016-5407
- SUSE Bug 1003017
- SUSE Bug 1123148
Description
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
Affected products
References
- CVE-2016-7942
- SUSE Bug 1002991
- SUSE Bug 1174752
Description
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
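The failure mode described above, shown as an added example that is not code from libXfixes or from the advisory: X11 replies carry their extra length in 4-byte units, so a client that converts a server-supplied length to bytes in 32-bit arithmetic can wrap around. The function names, the 8-byte rectangle size and the buffer parameters are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: each rectangle in the reply body is 8 bytes. */
#define RECT_BYTES 8u

/* Unchecked conversion of a reply length (4-byte units) to bytes, as a
 * 32-bit signed value. Large server-supplied values wrap around. */
static int32_t nbytes_unchecked(uint32_t units)
{
    return (int32_t)(units << 2);
}

/* Checked conversion. Returns 0 and stores the rectangle count, or -1 if
 * the reply must be rejected. On -1 the caller still has to discard the
 * rest of the reply so the connection stays in sync. */
static int rects_from_reply(uint32_t units, size_t received,
                            size_t max_rects, size_t *nrects)
{
    if (units >= (uint32_t)(INT32_MAX >> 2))
        return -1;                      /* byte count would not fit in 32 bits */
    size_t nbytes = (size_t)units << 2;
    if (nbytes > received)
        return -1;                      /* claims more data than arrived */
    if (nbytes % RECT_BYTES != 0)
        return -1;                      /* not a whole number of rectangles */
    if (nbytes / RECT_BYTES > max_rects)
        return -1;                      /* exceeds the caller's allocation */
    *nrects = nbytes / RECT_BYTES;
    return 0;
}

int main(void)
{
    size_t n = 0;
    uint32_t hostile = (uint32_t)INT_MAX;   /* constructed hostile length */
    printf("unchecked bytes: %d\n", (int)nbytes_unchecked(hostile));
    printf("checked result:  %d\n", rects_from_reply(hostile, 64, 16, &n));
    if (rects_from_reply(4, 16, 16, &n) == 0)
        printf("valid reply: %zu rectangles\n", n);
    return 0;
}
```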
Affected products
References
- CVE-2016-7944
- SUSE Bug 1002995
Description
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
Affected products
References
- CVE-2016-7945
- SUSE Bug 1002998
- SUSE Bug 1134167
- SUSE Bug 1159415
Description
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
Affected products
References
- CVE-2016-7946
- SUSE Bug 1002998
- SUSE Bug 1134167
- SUSE Bug 1159415
Description
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
Affected products
References
- CVE-2016-7947
- SUSE Bug 1003000
- SUSE Bug 1159415
Description
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
Affected products
References
- CVE-2016-7948
- SUSE Bug 1003000
- SUSE Bug 1159415
Description
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
Affected products
References
- CVE-2016-7949
- SUSE Bug 1003002
- SUSE Bug 1015442
- SUSE Bug 1123146
Description
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
Affected products
References
- CVE-2016-7950
- SUSE Bug 1003002
- SUSE Bug 1015442
- SUSE Bug 1123146
Description
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
Affected products
References
- CVE-2016-7951
- SUSE Bug 1003012
- SUSE Bug 1159415
Description
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
Affected products
References
- CVE-2016-7952
- SUSE Bug 1003012
- SUSE Bug 1159415
Description
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
Affected products
References
- CVE-2016-7953
- SUSE Bug 1003023
- SUSE Bug 1159415