SUSE-SU-2014:0881-1: moderate: Security update for xorg-x11-libs
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jul 9 12:04:13 MDT 2014
SUSE Security Update: Security update for xorg-x11-libs
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0881-1
Rating: moderate
References: #815451 #821663 #854915 #857544
Cross-References: CVE-2013-1984 CVE-2013-1985 CVE-2013-1986
CVE-2013-1988 CVE-2013-1990 CVE-2013-1991
CVE-2013-1992 CVE-2013-1995 CVE-2013-1996
CVE-2013-1998 CVE-2013-1999 CVE-2013-2000
CVE-2013-2001 CVE-2013-2003 CVE-2013-2063
CVE-2013-6462 CVE-2014-0209 CVE-2014-0210
CVE-2014-0211
Affected Products:
SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________
An update that fixes 19 vulnerabilities is now available.
Description:
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
xorg-x11-libs, fixing security issues and some bugs.
These issues require connection to a malicious X server to trigger the
bugs in client libraries.
Security issues fixed:
* CVE-2013-1984: Multiple integer overflows in X.org libXi allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XGetDeviceControl, (2)
XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4)
XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7)
XGetDeviceProperties, and (8) XListInputDevices functions.
* CVE-2013-1985: Integer overflow in X.org libXinerama allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the XineramaQueryScreens function.
* CVE-2013-1986: Multiple integer overflows in X.org libXrandr allowed
X servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XRRQueryOutputProperty and
(2) XRRQueryProviderProperty functions.
* CVE-2013-1988: Multiple integer overflows in X.org libXRes allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XResQueryClients and (2)
XResQueryClientResources functions.
* CVE-2013-1990: Multiple integer overflows in X.org libXvMC allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XvMCListSurfaceTypes and (2)
XvMCListSubpictureTypes functions.
* CVE-2013-1991: Multiple integer overflows in X.org libXxf86dga
allowed X servers to trigger allocation of insufficient memory and a
buffer overflow via vectors related to the (1) XDGAQueryModes and
(2) XDGASetMode functions.
* CVE-2013-1992: Multiple integer overflows in X.org libdmx allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) DMXGetScreenAttributes, (2)
DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
* CVE-2013-1995: X.org libXi allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the XListInputDevices function.
* CVE-2013-1996: X.org libFS allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the FSOpenServer function.
* CVE-2013-1998: Multiple buffer overflows in X.org libXi allowed X
servers to cause a denial of service (crash) and possibly execute
arbitrary code via crafted length or index values to the (1)
XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3)
XQueryDeviceState functions.
* CVE-2013-1999: Buffer overflow in X.org libXvMC allowed X servers to
cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the XvMCGetDRInfo
function.
* CVE-2013-2000: Multiple buffer overflows in X.org libXxf86dga
allowed X servers to cause a denial of service (crash) and possibly
execute arbitrary code via crafted length or index values to the (1)
XDGAQueryModes and (2) XDGASetMode functions.
* CVE-2013-2001: Buffer overflow in X.org libXxf86vm allowed X servers
to cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the
XF86VidModeGetGammaRamp function.
* CVE-2013-2003: Integer overflow in X.org libXcursor allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the _XcursorFileHeaderCreate
function.
* CVE-2013-2063: Integer overflow in X.org libXtst allowed X servers
to trigger allocation of insufficient memory and a buffer overflow
via vectors related to the XRecordGetContext function.
* CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters
function in bitmap/bdfread.c in X.Org libXfont allowed remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string in a character name in a BDF font
file.
* CVE-2014-0209: Multiple integer overflows in the (1)
FontFileAddEntry and (2) lexAlias functions in X.Org libXfont might
have allowed local users to gain privileges by adding a directory
with a large fonts.dir
or fonts.alias file to the font path, which triggers a heap-based
buffer overflow, related to metadata.
* CVE-2014-0210: Multiple buffer overflows in X.Org libXfont allowed
remote font servers to execute arbitrary code via a crafted xfs
protocol reply to the (1) _fs_recv_conn_setup, (2)
fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,
(5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info
function.
* CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply,
(2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
libXfont allowed remote font servers to execute arbitrary code via a
crafted xfs reply, which triggers a buffer overflow.
Additionally, one non-security issue has been fixed:
* XListDev: String size is unsigned char: Make char pointer to the
device name & device name len unsigned otherwise we will segfault on
device names > 128 characters.
Security Issues references:
* CVE-2013-1984
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984>
* CVE-2013-1985
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985>
* CVE-2013-1986
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986>
* CVE-2013-1988
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988>
* CVE-2013-1990
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990>
* CVE-2013-1991
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1991>
* CVE-2013-1992
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1992>
* CVE-2013-1995
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995>
* CVE-2013-1996
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996>
* CVE-2013-1998
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998>
* CVE-2013-1999
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999>
* CVE-2013-2000
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000>
* CVE-2013-2001
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001>
* CVE-2013-2003
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003>
* CVE-2013-2063
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2063>
* CVE-2013-6462
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462>
* CVE-2014-0209
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209>
* CVE-2014-0210
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210>
* CVE-2014-0211
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-xorg-x11-devel-9391
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
xorg-x11-libs-7.4-8.26.42.4
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
xorg-x11-libs-32bit-7.4-8.26.42.4
References:
http://support.novell.com/security/cve/CVE-2013-1984.html
http://support.novell.com/security/cve/CVE-2013-1985.html
http://support.novell.com/security/cve/CVE-2013-1986.html
http://support.novell.com/security/cve/CVE-2013-1988.html
http://support.novell.com/security/cve/CVE-2013-1990.html
http://support.novell.com/security/cve/CVE-2013-1991.html
http://support.novell.com/security/cve/CVE-2013-1992.html
http://support.novell.com/security/cve/CVE-2013-1995.html
http://support.novell.com/security/cve/CVE-2013-1996.html
http://support.novell.com/security/cve/CVE-2013-1998.html
http://support.novell.com/security/cve/CVE-2013-1999.html
http://support.novell.com/security/cve/CVE-2013-2000.html
http://support.novell.com/security/cve/CVE-2013-2001.html
http://support.novell.com/security/cve/CVE-2013-2003.html
http://support.novell.com/security/cve/CVE-2013-2063.html
http://support.novell.com/security/cve/CVE-2013-6462.html
http://support.novell.com/security/cve/CVE-2014-0209.html
http://support.novell.com/security/cve/CVE-2014-0210.html
http://support.novell.com/security/cve/CVE-2014-0211.html
https://bugzilla.novell.com/815451
https://bugzilla.novell.com/821663
https://bugzilla.novell.com/854915
https://bugzilla.novell.com/857544
http://download.suse.com/patch/finder/?keywords=f7b66bb8d10aeae2b91fccd0d169c8f3
More information about the sle-security-updates
mailing list