SUSE-SU-2014:0881-1: moderate: Security update for xorg-x11-libs

sle-security-updates at lists.suse.com
Wed Jul 9 12:04:13 MDT 2014


   SUSE Security Update: Security update for xorg-x11-libs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0881-1
Rating:             moderate
References:         #815451 #821663 #854915 #857544 
Cross-References:   CVE-2013-1984 CVE-2013-1985 CVE-2013-1986
                    CVE-2013-1988 CVE-2013-1990 CVE-2013-1991
                    CVE-2013-1992 CVE-2013-1995 CVE-2013-1996
                    CVE-2013-1998 CVE-2013-1999 CVE-2013-2000
                    CVE-2013-2001 CVE-2013-2003 CVE-2013-2063
                    CVE-2013-6462 CVE-2014-0209 CVE-2014-0210
                    CVE-2014-0211
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 19 vulnerabilities is now available.

Description:


   This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
   xorg-x11-libs, fixing security issues and some bugs.

   These issues require a connection to a malicious X server to trigger the
   bugs in the client libraries.

   Security issues fixed:

       * CVE-2013-1984: Multiple integer overflows in X.org libXi allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the (1) XGetDeviceControl, (2)
         XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4)
         XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents,
         (7) XGetDeviceProperties, and (8) XListInputDevices functions.
       * CVE-2013-1985: Integer overflow in X.org libXinerama allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the XineramaQueryScreens function.
       * CVE-2013-1986: Multiple integer overflows in X.org libXrandr allowed
         X servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the (1) XRRQueryOutputProperty and
         (2) XRRQueryProviderProperty functions.
       * CVE-2013-1988: Multiple integer overflows in X.org libXRes allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the (1) XResQueryClients and (2)
         XResQueryClientResources functions.
       * CVE-2013-1990: Multiple integer overflows in X.org libXvMC allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the (1) XvMCListSurfaceTypes and (2)
         XvMCListSubpictureTypes functions.
       * CVE-2013-1991: Multiple integer overflows in X.org libXxf86dga
         allowed X servers to trigger allocation of insufficient memory and a
         buffer overflow via vectors related to the (1) XDGAQueryModes and
         (2) XDGASetMode functions.
       * CVE-2013-1992: Multiple integer overflows in X.org libdmx allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the (1) DMXGetScreenAttributes, (2)
         DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
       * CVE-2013-1995: X.org libXi allowed X servers to trigger allocation
         of insufficient memory and a buffer overflow via vectors related to
         an unexpected sign extension in the XListInputDevices function.
       * CVE-2013-1996: X.org libFS allowed X servers to trigger allocation
         of insufficient memory and a buffer overflow via vectors related to
         an unexpected sign extension in the FSOpenServer function.
       * CVE-2013-1998: Multiple buffer overflows in X.org libXi allowed X
         servers to cause a denial of service (crash) and possibly execute
         arbitrary code via crafted length or index values to the (1)
         XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3)
         XQueryDeviceState functions.
       * CVE-2013-1999: Buffer overflow in X.org libXvMC allowed X servers to
         cause a denial of service (crash) and possibly execute arbitrary
         code via crafted length or index values to the XvMCGetDRInfo
         function.
       * CVE-2013-2000: Multiple buffer overflows in X.org libXxf86dga
         allowed X servers to cause a denial of service (crash) and possibly
         execute arbitrary code via crafted length or index values to the (1)
         XDGAQueryModes and (2) XDGASetMode functions.
       * CVE-2013-2001: Buffer overflow in X.org libXxf86vm allowed X servers
         to cause a denial of service (crash) and possibly execute arbitrary
         code via crafted length or index values to the
         XF86VidModeGetGammaRamp function.
       * CVE-2013-2003: Integer overflow in X.org libXcursor allowed X
         servers to trigger allocation of insufficient memory and a buffer
         overflow via vectors related to the _XcursorFileHeaderCreate
         function.
       * CVE-2013-2063: Integer overflow in X.org libXtst allowed X servers
         to trigger allocation of insufficient memory and a buffer overflow
         via vectors related to the XRecordGetContext function.
       * CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters
         function in bitmap/bdfread.c in X.Org libXfont allowed remote
         attackers to cause a denial of service (crash) or possibly execute
         arbitrary code via a long string in a character name in a BDF font
         file.
       * CVE-2014-0209: Multiple integer overflows in the (1)
         FontFileAddEntry and (2) lexAlias functions in X.Org libXfont might
         have allowed local users to gain privileges by adding a directory
         with a large fonts.dir or fonts.alias file to the font path, which
         triggers a heap-based buffer overflow, related to metadata.
       * CVE-2014-0210: Multiple buffer overflows in X.Org libXfont allowed
         remote font servers to execute arbitrary code via a crafted xfs
         protocol reply to the (1) _fs_recv_conn_setup, (2)
         fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,
         (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info
         function.
       * CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply,
         (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
         libXfont allowed remote font servers to execute arbitrary code via a
         crafted xfs reply, which triggers a buffer overflow.

   Additionally, one non-security issue has been fixed:

       * XListDev: The string size is an unsigned char. Make the char
         pointers to the device name and device name length unsigned;
         otherwise we will segfault on device names > 128 characters.
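
   The two recurring bug classes above, shown in a small C program: a
   server-supplied count whose size computation wraps before allocation, and a
   length byte that sign-extends (as in CVE-2013-1995 and the XListDev fix).
   This is an added example, not code from libXi or any X.org library; every
   function name and the sample reply are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Unchecked pattern: a server-supplied count multiplied in 32 bits. The
   product wraps, so the buffer is smaller than the loop that fills it. */
static uint32_t unchecked_size(uint32_t count, uint32_t elem) { return count * elem; }

/* Hardened form: refuse any count whose byte size does not fit. */
static int checked_size(uint32_t count, uint32_t elem, uint32_t *out) {
    if (elem != 0 && count > UINT32_MAX / elem) return -1;
    *out = count * elem;
    return 0;
}

/* Length byte read through a signed pointer: 0x80..0xff turn negative. */
static int len_signed(const void *p)   { return *(const signed char *)p; }
/* The same byte read as unsigned: always 0..255. */
static int len_unsigned(const void *p) { return *(const unsigned char *)p; }

/* Walk `count` length-prefixed names in a reply of `buflen` bytes.
   Returns the number of bytes consumed, or -1 if the reply is malformed. */
static long walk_names(const unsigned char *buf, size_t buflen, uint32_t count) {
    size_t off = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (off >= buflen) return -1;            /* no room for the length byte */
        size_t len = buf[off];                   /* unsigned: 0..255 */
        if (len > buflen - off - 1) return -1;   /* name runs past the reply */
        off += 1 + len;
    }
    return (long)off;
}

/* Constructed sample reply: a 200-byte name followed by a 3-byte name.
   `visible` is how many bytes of it the parser is told it received. */
static long walk_sample(size_t visible, uint32_t count) {
    unsigned char reply[205];
    memset(reply, 'a', sizeof reply);
    reply[0] = 200;
    reply[201] = 3;
    return walk_names(reply, visible, count);
}

int main(void) {
    uint32_t sz = 0;
    int ok = unchecked_size(0x10000001u, 16) == 16 && checked_size(0x10000001u, 16, &sz) == -1
          && len_signed(&(unsigned char){200}) == -56 && len_unsigned(&(unsigned char){200}) == 200
          && walk_sample(205, 2) == 205 && walk_sample(204, 2) == -1;
    return ok ? 0 : 1;
}
```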

   Security Issues references:

       * CVE-2013-1984
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984>
       * CVE-2013-1985
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985>
       * CVE-2013-1986
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986>
       * CVE-2013-1988
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988>
       * CVE-2013-1990
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990>
       * CVE-2013-1991
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1991>
       * CVE-2013-1992
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1992>
       * CVE-2013-1995
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995>
       * CVE-2013-1996
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996>
       * CVE-2013-1998
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998>
       * CVE-2013-1999
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999>
       * CVE-2013-2000
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000>
       * CVE-2013-2001
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001>
       * CVE-2013-2003
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003>
       * CVE-2013-2063
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2063>
       * CVE-2013-6462
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462>
       * CVE-2014-0209
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209>
       * CVE-2014-0210
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210>
       * CVE-2014-0211
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xorg-x11-devel-9391

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

      xorg-x11-libs-7.4-8.26.42.4

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):

      xorg-x11-libs-32bit-7.4-8.26.42.4


References:

   http://support.novell.com/security/cve/CVE-2013-1984.html
   http://support.novell.com/security/cve/CVE-2013-1985.html
   http://support.novell.com/security/cve/CVE-2013-1986.html
   http://support.novell.com/security/cve/CVE-2013-1988.html
   http://support.novell.com/security/cve/CVE-2013-1990.html
   http://support.novell.com/security/cve/CVE-2013-1991.html
   http://support.novell.com/security/cve/CVE-2013-1992.html
   http://support.novell.com/security/cve/CVE-2013-1995.html
   http://support.novell.com/security/cve/CVE-2013-1996.html
   http://support.novell.com/security/cve/CVE-2013-1998.html
   http://support.novell.com/security/cve/CVE-2013-1999.html
   http://support.novell.com/security/cve/CVE-2013-2000.html
   http://support.novell.com/security/cve/CVE-2013-2001.html
   http://support.novell.com/security/cve/CVE-2013-2003.html
   http://support.novell.com/security/cve/CVE-2013-2063.html
   http://support.novell.com/security/cve/CVE-2013-6462.html
   http://support.novell.com/security/cve/CVE-2014-0209.html
   http://support.novell.com/security/cve/CVE-2014-0210.html
   http://support.novell.com/security/cve/CVE-2014-0211.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821663
   https://bugzilla.novell.com/854915
   https://bugzilla.novell.com/857544
   http://download.suse.com/patch/finder/?keywords=f7b66bb8d10aeae2b91fccd0d169c8f3


