SUSE-SU-2014:0898-1: moderate: Security update for xorg-x11-libXt

sle-security-updates at lists.suse.com
Tue Jul 15 17:04:14 MDT 2014


   SUSE Security Update: Security update for xorg-x11-libXt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0898-1
Rating:             moderate
References:         #815451 #821670 
Cross-References:   CVE-2013-2002 CVE-2013-2005
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
   xorg-x11-libXt, fixing security issues.

   These issues require connection to a malicious X server to trigger the
   bugs in client libraries.

       * CVE-2013-2002: Buffer overflow in X.org libXt allowed X servers to
         cause a denial of service (crash) and possibly execute arbitrary
         code via crafted length or index values to the
         _XtResourceConfigurationEH function.
       * CVE-2013-2005: X.org libXt did not check the return value of the
         XGetWindowProperty function, which allowed X servers to trigger use
         of an uninitialized pointer and memory corruption via vectors
         related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3)
         ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies
         functions.
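
   The unchecked-return-value pattern described for CVE-2013-2005, as an
   added example that is neither libXt code nor part of the SUSE advisory.
   stub_get_property is a hypothetical stand-in for XGetWindowProperty,
   assumed to leave its output arguments untouched when the request fails;
   read_property_checked is an illustrative caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STUB_SUCCESS 0 /* plays the role of Xlib's Success status */

/* Hypothetical stand-in for XGetWindowProperty (assumption for this example):
 * on failure it returns non-zero and leaves *prop and *nitems untouched. */
static int stub_get_property(int request_fails, unsigned char **prop,
                             unsigned long *nitems)
{
    static const char reply[] = "constructed-value"; /* constructed sample */
    if (request_fails || (*prop = malloc(sizeof reply)) == NULL)
        return 1;
    memcpy(*prop, reply, sizeof reply);
    *nitems = sizeof reply - 1;
    return STUB_SUCCESS;
}

/* Unchecked pattern, kept as a comment because running it is undefined:
 *     unsigned char *value; unsigned long length;
 *     stub_get_property(1, &value, &length);   // status ignored
 *     memcpy(out, value, length);              // both are indeterminate */

/* Checked pattern: initialise the outputs, test the status, bound the copy.
 * Returns the number of bytes copied, or -1 if nothing usable came back. */
long read_property_checked(int request_fails, char *out, size_t outlen)
{
    unsigned char *value = NULL;
    unsigned long length = 0;
    long copied = -1;
    if (stub_get_property(request_fails, &value, &length) != STUB_SUCCESS)
        return -1;
    if (value != NULL && length < outlen) {
        memcpy(out, value, length);
        out[length] = '\0';
        copied = (long)length;
    }
    free(value);
    return copied;
}

int main(void)
{
    char buf[32];
    printf("failed request -> %ld\n", read_property_checked(1, buf, sizeof buf));
    printf("good request   -> %ld\n", read_property_checked(0, buf, sizeof buf));
    return 0;
}
```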

   Security Issues references:

       * CVE-2013-2002
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002>
       * CVE-2013-2005
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xorg-x11-libXt-9390

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

      xorg-x11-libXt-7.4-1.19.8

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):

      xorg-x11-libXt-32bit-7.4-1.19.8


References:

   http://support.novell.com/security/cve/CVE-2013-2002.html
   http://support.novell.com/security/cve/CVE-2013-2005.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821670
   http://download.suse.com/patch/finder/?keywords=827019064a88342eab5f5c1cd0d70a80


