openSUSE-SU-2016:3034-1

Published: 07 Dec 2016
Source: suse-cvrf

Description

Security update for X Window System client libraries

This update for X Window System client libraries fixes a class of privilege escalation issues.

A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries.

The following libraries have been fixed:

libX11:

  • plugged a memory leak (boo#1002991, CVE-2016-7942).
  • insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942).

libXi:

  • Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945).
  • Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946).

libXrandr:

  • Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).

Package list

openSUSE Leap 42.1
libX11-1.6.3-9.1
libX11-6-1.6.3-9.1
libX11-6-32bit-1.6.3-9.1
libX11-data-1.6.3-9.1
libX11-devel-1.6.3-9.1
libX11-devel-32bit-1.6.3-9.1
libX11-xcb1-1.6.3-9.1
libX11-xcb1-32bit-1.6.3-9.1
libXi-1.7.5-6.1
libXi-devel-1.7.5-6.1
libXi-devel-32bit-1.7.5-6.1
libXi6-1.7.5-6.1
libXi6-32bit-1.7.5-6.1
libXrandr-1.5.0-5.1
libXrandr-devel-1.5.0-5.1
libXrandr-devel-32bit-1.5.0-5.1
libXrandr2-1.5.0-5.1
libXrandr2-32bit-1.5.0-5.1
openSUSE Leap 42.2
libX11-1.6.3-9.1
libX11-6-1.6.3-9.1
libX11-6-32bit-1.6.3-9.1
libX11-data-1.6.3-9.1
libX11-devel-1.6.3-9.1
libX11-devel-32bit-1.6.3-9.1
libX11-xcb1-1.6.3-9.1
libX11-xcb1-32bit-1.6.3-9.1
libXi-1.7.5-6.1
libXi-devel-1.7.5-6.1
libXi-devel-32bit-1.7.5-6.1
libXi6-1.7.5-6.1
libXi6-32bit-1.7.5-6.1
libXrandr-1.5.0-5.1
libXrandr-devel-1.5.0-5.1
libXrandr-devel-32bit-1.5.0-5.1
libXrandr2-1.5.0-5.1
libXrandr2-32bit-1.5.0-5.1

Description

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.


Affected products
openSUSE Leap 42.1:libX11-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1
openSUSE Leap 42.1:libX11-data-1.6.3-9.1

References

Description

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.


Affected products
openSUSE Leap 42.1:libX11-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1
openSUSE Leap 42.1:libX11-data-1.6.3-9.1

References

Description

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.


Affected products
openSUSE Leap 42.1:libX11-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1
openSUSE Leap 42.1:libX11-data-1.6.3-9.1

References

Description

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.


Affected products
openSUSE Leap 42.1:libX11-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1
openSUSE Leap 42.1:libX11-data-1.6.3-9.1

References

Description

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.


Affected products
openSUSE Leap 42.1:libX11-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-1.6.3-9.1
openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1
openSUSE Leap 42.1:libX11-data-1.6.3-9.1

References