SUSE-SU-2014:0898-1: moderate: Security update for xorg-x11-libXt

sle-security-updates at sle-security-updates at
Tue Jul 15 17:04:14 MDT 2014

   SUSE Security Update: Security update for xorg-x11-libXt

Announcement ID:    SUSE-SU-2014:0898-1
Rating:             moderate
References:         #815451 #821670 
Cross-References:   CVE-2013-2002 CVE-2013-2005
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS

   An update that fixes two vulnerabilities is now available.


   This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
   xorg-x11-libXt, fixing security issues.

   These issues require connection to a malicious X server to trigger the
   bugs in client libraries.

       * CVE-2013-2002: Buffer overflow in libXt allowed X servers to
         cause a denial of service (crash) and possibly execute arbitrary
         code via crafted length or index values to the
         _XtResourceConfigurationEH function.
       * CVE-2013-2005: libXt did not check the return value of the
         XGetWindowProperty function, which allowed X servers to trigger use
         of an uninitialized pointer and memory corruption via vectors
         related to the (1) ReqCleanup, (2) HandleSelectionEvents,
         (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies
         functions.
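
   The CVE-2013-2005 bug class, shown as an added illustration that is not
   taken from libXt or from this advisory: a property read whose status must
   be checked before the returned pointer is used. stub_get_property,
   read_first_byte and the sample bytes are hypothetical stand-ins so the
   code builds without Xlib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for XGetWindowProperty (not Xlib code). It models
 * the failure mode the advisory describes: 0 means success, and on failure
 * none of the out-parameters are written. */
enum { PROP_OK = 0, PROP_FAIL = 1 };

static int stub_get_property(int server_fails, int *format_out,
                             unsigned long *nitems_out, unsigned char **data_out)
{
    static const unsigned char sample[] = { 'd', 'a', 't', 'a' }; /* constructed */

    if (server_fails)
        return PROP_FAIL;                 /* outputs deliberately untouched */
    *data_out = malloc(sizeof sample);
    if (*data_out == NULL)
        return PROP_FAIL;
    memcpy(*data_out, sample, sizeof sample);
    *format_out = 8;
    *nitems_out = sizeof sample;
    return PROP_OK;
}

/* Unsafe shape: declare `unsigned char *data;`, ignore the status, then read
 * or free `data`. After a failed call that pointer is uninitialized.
 * Hardened shape below: initialise every output, check the status, and
 * validate format and item count before touching the buffer. */
long read_first_byte(int server_fails)
{
    int format = 0;
    unsigned long nitems = 0;
    unsigned char *data = NULL;
    long result = -1;

    if (stub_get_property(server_fails, &format, &nitems, &data) != PROP_OK)
        return -1;                        /* nothing was allocated or written */
    if (data != NULL && format == 8 && nitems > 0)
        result = data[0];
    free(data);                           /* free(NULL) is a no-op */
    return result;
}

int main(void)
{
    printf("failed read: %ld\n", read_first_byte(1));
    printf("good read:   %ld\n", read_first_byte(0));
    return 0;
}
```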

   Security Issues references:

       * CVE-2013-2002
       * CVE-2013-2005

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xorg-x11-libXt-9390

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):


   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):


