
[SECURITY] [DLA 1482-1] libx11 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libx11
Version        : 2:1.6.2-3+deb8u2
CVE ID         : CVE-2018-14598 CVE-2018-14599 CVE-2018-14600

Several issues were discovered in libx11, the client interface to the
X Window System. The functions XGetFontPath, XListExtensions, and
XListFonts are vulnerable to an off-by-one overwrite on malicious
server responses. A malicious server could also send a reply in which
the first string overflows, causing a variable to be set to NULL that
will be freed later on, leading to a segmentation fault and Denial of
Service. The function XListExtensions in ListExt.c interprets a
variable as signed instead of unsigned, resulting in an out-of-bounds
write (of up to 128 bytes), leading to a Denial of Service or possibly
remote code execution.

For Debian 8 "Jessie", these problems have been fixed in version
2:1.6.2-3+deb8u2.

We recommend that you upgrade your libx11 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
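
The bug classes named in the advisory (a length byte read as signed, and a terminator written one byte past the reply buffer) can be shown with a generic parser for length-prefixed string lists. This is an added example, not libx11's code or part of the advisory; `split_names`, `length_as_signed` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample replies (not captured traffic), one spare byte each. */
static unsigned char good_reply[11] = "\x03GLX\x05SHAPE";   /* 10 payload bytes */
static unsigned char bad_reply[8]   = "\x03GLX\x80" "AB";   /* 7 payload bytes  */
static char *names[2];

/* How a signed-char read sees a length byte: 0x80..0xFF become -128..-1. */
static int length_as_signed(unsigned char b) { return (signed char)b; }

/* Split `count` length-prefixed strings in buf[0..size) in place.
 * The buffer must hold size + 1 bytes: the final NUL lands at buf[size].
 * Lengths are read as unsigned and validated before any write.
 * Returns 0 on success, -1 on a malformed reply (out[] is set to NULL). */
static int split_names(unsigned char *buf, size_t size, int count, char **out)
{
    size_t off = 0;
    for (int i = 0; i < count; i++) {            /* pass 1: validate only */
        if (off >= size || (size_t)buf[off] > size - off - 1) {
            for (int j = 0; j < count; j++) out[j] = NULL;
            return -1;
        }
        off += 1 + (size_t)buf[off];
    }
    off = 0;
    for (int i = 0; i < count; i++) {            /* pass 2: terminate in place */
        size_t len = buf[off];
        out[i] = (char *)buf + off + 1;
        buf[off] = '\0';                         /* ends the previous string */
        off += 1 + len;
    }
    buf[off] = '\0';                             /* off <= size: spare byte */
    return 0;
}

int main(void)
{
    printf("0x80 read as signed char: %d\n", length_as_signed(0x80));
    if (split_names(good_reply, 10, 2, names) == 0)
        printf("parsed: %s, %s\n", names[0], names[1]);
    if (split_names(bad_reply, 7, 2, names) != 0)
        printf("malformed reply rejected\n");
    return 0;
}
```

Validating every length in a first pass means a malformed reply is rejected before the buffer is modified, so no partially terminated list is handed back to the caller.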