Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:2934-1

Опубликовано: 28 сент. 2018
Источник: suse-cvrf

Описание

Security update for xorg-x11-libX11

This update for xorg-x11-libX11 fixes the following issues:

  • CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062)
  • CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068)
  • CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073)

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS
xorg-x11-libX11-7.4-5.11.72.9.1
xorg-x11-libX11-32bit-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
xorg-x11-libX11-7.4-5.11.72.9.1
xorg-x11-libX11-32bit-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP4
xorg-x11-libX11-7.4-5.11.72.9.1
xorg-x11-libX11-32bit-7.4-5.11.72.9.1
xorg-x11-libX11-x86-7.4-5.11.72.9.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xorg-x11-libX11-7.4-5.11.72.9.1
xorg-x11-libX11-32bit-7.4-5.11.72.9.1
xorg-x11-libX11-x86-7.4-5.11.72.9.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xorg-x11-libX11-devel-7.4-5.11.72.9.1
xorg-x11-libX11-devel-32bit-7.4-5.11.72.9.1

Ссылки

Описание

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
Ссылки

Описание

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
Ссылки

Описание

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libX11-32bit-7.4-5.11.72.9.1
Ссылки