   openSUSE Security Update: Security update for X Window System client libraries
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:3034-1
Rating:             moderate
References:         #1002991 #1002998 #1003000
Cross-References:   CVE-2016-7942 CVE-2016-7945 CVE-2016-7946
                    CVE-2016-7947 CVE-2016-7948
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for X Window System client libraries fixes a class of
   privilege escalation issues.

   A malicious X server could send specially crafted data to X clients,
   which allowed for triggering crashes, or privilege escalation if this
   relationship was untrusted or crossed user or permission level
   boundaries.

   The following libraries have been fixed:

   libX11:

   - plugged a memory leak (boo#1002991, CVE-2016-7942).
   - insufficient validation of data from the X server can cause out of
     boundary memory read (XGetImage()) or write (XListFonts())
     (boo#1002991, CVE-2016-7942).

   libXi:

   - Integer overflows in libXi can cause out of boundary memory access or
     endless loops (Denial of Service) (boo#1002998, CVE-2016-7945).
   - Insufficient validation of data in libXi can cause out of boundary
     memory access or endless loops (Denial of Service) (boo#1002998,
     CVE-2016-7946).

   libXrandr:

   - Insufficient validation of data from the X server can cause out of
     boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2016-1420=1

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1420=1

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-1420=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (i586 x86_64):

      libXrandr-debugsource-1.5.0-5.1
      libXrandr-devel-1.5.0-5.1
      libXrandr2-1.5.0-5.1
      libXrandr2-debuginfo-1.5.0-5.1

   - openSUSE Leap 42.2 (x86_64):

      libXrandr-devel-32bit-1.5.0-5.1
      libXrandr2-32bit-1.5.0-5.1
      libXrandr2-debuginfo-32bit-1.5.0-5.1

   - openSUSE Leap 42.1 (i586 x86_64):

      libX11-6-1.6.3-9.1
      libX11-6-debuginfo-1.6.3-9.1
      libX11-debugsource-1.6.3-9.1
      libX11-devel-1.6.3-9.1
      libX11-xcb1-1.6.3-9.1
      libX11-xcb1-debuginfo-1.6.3-9.1
      libXi-debugsource-1.7.5-6.1
      libXi-devel-1.7.5-6.1
      libXi6-1.7.5-6.1
      libXi6-debuginfo-1.7.5-6.1

   - openSUSE Leap 42.1 (x86_64):

      libX11-6-32bit-1.6.3-9.1
      libX11-6-debuginfo-32bit-1.6.3-9.1
      libX11-devel-32bit-1.6.3-9.1
      libX11-xcb1-32bit-1.6.3-9.1
      libX11-xcb1-debuginfo-32bit-1.6.3-9.1
      libXi-devel-32bit-1.7.5-6.1
      libXi6-32bit-1.7.5-6.1
      libXi6-debuginfo-32bit-1.7.5-6.1

   - openSUSE Leap 42.1 (noarch):

      libX11-data-1.6.3-9.1

   - openSUSE 13.2 (i586 x86_64):

      libX11-6-1.6.2-5.6.1
      libX11-6-debuginfo-1.6.2-5.6.1
      libX11-debugsource-1.6.2-5.6.1
      libX11-devel-1.6.2-5.6.1
      libX11-xcb1-1.6.2-5.6.1
      libX11-xcb1-debuginfo-1.6.2-5.6.1
      libXi-debugsource-1.7.4-2.3.1
      libXi-devel-1.7.4-2.3.1
      libXi6-1.7.4-2.3.1
      libXi6-debuginfo-1.7.4-2.3.1
      libXrandr-debugsource-1.4.2-4.3.1
      libXrandr-devel-1.4.2-4.3.1
      libXrandr2-1.4.2-4.3.1
      libXrandr2-debuginfo-1.4.2-4.3.1
      libxcb-composite0-1.11-2.5.1
      libxcb-composite0-debuginfo-1.11-2.5.1
      libxcb-damage0-1.11-2.5.1
      libxcb-damage0-debuginfo-1.11-2.5.1
      libxcb-debugsource-1.11-2.5.1
      libxcb-devel-1.11-2.5.1
      libxcb-dpms0-1.11-2.5.1
      libxcb-dpms0-debuginfo-1.11-2.5.1
      libxcb-dri2-0-1.11-2.5.1
      libxcb-dri2-0-debuginfo-1.11-2.5.1
      libxcb-dri3-0-1.11-2.5.1
      libxcb-dri3-0-debuginfo-1.11-2.5.1
      libxcb-glx0-1.11-2.5.1
      libxcb-glx0-debuginfo-1.11-2.5.1
      libxcb-present0-1.11-2.5.1
      libxcb-present0-debuginfo-1.11-2.5.1
      libxcb-randr0-1.11-2.5.1
      libxcb-randr0-debuginfo-1.11-2.5.1
      libxcb-record0-1.11-2.5.1
      libxcb-record0-debuginfo-1.11-2.5.1
      libxcb-render0-1.11-2.5.1
      libxcb-render0-debuginfo-1.11-2.5.1
      libxcb-res0-1.11-2.5.1
      libxcb-res0-debuginfo-1.11-2.5.1
      libxcb-screensaver0-1.11-2.5.1
      libxcb-screensaver0-debuginfo-1.11-2.5.1
      libxcb-shape0-1.11-2.5.1
      libxcb-shape0-debuginfo-1.11-2.5.1
      libxcb-shm0-1.11-2.5.1
      libxcb-shm0-debuginfo-1.11-2.5.1
      libxcb-sync1-1.11-2.5.1
      libxcb-sync1-debuginfo-1.11-2.5.1
      libxcb-xevie0-1.11-2.5.1
      libxcb-xevie0-debuginfo-1.11-2.5.1
      libxcb-xf86dri0-1.11-2.5.1
      libxcb-xf86dri0-debuginfo-1.11-2.5.1
      libxcb-xfixes0-1.11-2.5.1
      libxcb-xfixes0-debuginfo-1.11-2.5.1
      libxcb-xinerama0-1.11-2.5.1
      libxcb-xinerama0-debuginfo-1.11-2.5.1
      libxcb-xkb1-1.11-2.5.1
      libxcb-xkb1-debuginfo-1.11-2.5.1
      libxcb-xprint0-1.11-2.5.1
      libxcb-xprint0-debuginfo-1.11-2.5.1
      libxcb-xtest0-1.11-2.5.1
      libxcb-xtest0-debuginfo-1.11-2.5.1
      libxcb-xv0-1.11-2.5.1
      libxcb-xv0-debuginfo-1.11-2.5.1
      libxcb-xvmc0-1.11-2.5.1
      libxcb-xvmc0-debuginfo-1.11-2.5.1
      libxcb1-1.11-2.5.1
      libxcb1-debuginfo-1.11-2.5.1

   - openSUSE 13.2 (x86_64):

      libX11-6-32bit-1.6.2-5.6.1
      libX11-6-debuginfo-32bit-1.6.2-5.6.1
      libX11-devel-32bit-1.6.2-5.6.1
      libX11-xcb1-32bit-1.6.2-5.6.1
      libX11-xcb1-debuginfo-32bit-1.6.2-5.6.1
      libXi-devel-32bit-1.7.4-2.3.1
      libXi6-32bit-1.7.4-2.3.1
      libXi6-debuginfo-32bit-1.7.4-2.3.1
      libXrandr-devel-32bit-1.4.2-4.3.1
      libXrandr2-32bit-1.4.2-4.3.1
      libXrandr2-debuginfo-32bit-1.4.2-4.3.1
      libxcb-composite0-32bit-1.11-2.5.1
      libxcb-composite0-debuginfo-32bit-1.11-2.5.1
      libxcb-damage0-32bit-1.11-2.5.1
      libxcb-damage0-debuginfo-32bit-1.11-2.5.1
      libxcb-devel-32bit-1.11-2.5.1
      libxcb-dpms0-32bit-1.11-2.5.1
      libxcb-dpms0-debuginfo-32bit-1.11-2.5.1
      libxcb-dri2-0-32bit-1.11-2.5.1
      libxcb-dri2-0-debuginfo-32bit-1.11-2.5.1
      libxcb-dri3-0-32bit-1.11-2.5.1
      libxcb-dri3-0-debuginfo-32bit-1.11-2.5.1
      libxcb-glx0-32bit-1.11-2.5.1
      libxcb-glx0-debuginfo-32bit-1.11-2.5.1
      libxcb-present0-32bit-1.11-2.5.1
      libxcb-present0-debuginfo-32bit-1.11-2.5.1
      libxcb-randr0-32bit-1.11-2.5.1
      libxcb-randr0-debuginfo-32bit-1.11-2.5.1
      libxcb-record0-32bit-1.11-2.5.1
      libxcb-record0-debuginfo-32bit-1.11-2.5.1
      libxcb-render0-32bit-1.11-2.5.1
      libxcb-render0-debuginfo-32bit-1.11-2.5.1
      libxcb-res0-32bit-1.11-2.5.1
      libxcb-res0-debuginfo-32bit-1.11-2.5.1
      libxcb-screensaver0-32bit-1.11-2.5.1
      libxcb-screensaver0-debuginfo-32bit-1.11-2.5.1
      libxcb-shape0-32bit-1.11-2.5.1
      libxcb-shape0-debuginfo-32bit-1.11-2.5.1
      libxcb-shm0-32bit-1.11-2.5.1
      libxcb-shm0-debuginfo-32bit-1.11-2.5.1
      libxcb-sync1-32bit-1.11-2.5.1
      libxcb-sync1-debuginfo-32bit-1.11-2.5.1
      libxcb-xevie0-32bit-1.11-2.5.1
      libxcb-xevie0-debuginfo-32bit-1.11-2.5.1
      libxcb-xf86dri0-32bit-1.11-2.5.1
      libxcb-xf86dri0-debuginfo-32bit-1.11-2.5.1
      libxcb-xfixes0-32bit-1.11-2.5.1
      libxcb-xfixes0-debuginfo-32bit-1.11-2.5.1
      libxcb-xinerama0-32bit-1.11-2.5.1
      libxcb-xinerama0-debuginfo-32bit-1.11-2.5.1
      libxcb-xkb1-32bit-1.11-2.5.1
      libxcb-xkb1-debuginfo-32bit-1.11-2.5.1
      libxcb-xprint0-32bit-1.11-2.5.1
      libxcb-xprint0-debuginfo-32bit-1.11-2.5.1
      libxcb-xtest0-32bit-1.11-2.5.1
      libxcb-xtest0-debuginfo-32bit-1.11-2.5.1
      libxcb-xv0-32bit-1.11-2.5.1
      libxcb-xv0-debuginfo-32bit-1.11-2.5.1
      libxcb-xvmc0-32bit-1.11-2.5.1
      libxcb-xvmc0-debuginfo-32bit-1.11-2.5.1
      libxcb1-32bit-1.11-2.5.1
      libxcb1-debuginfo-32bit-1.11-2.5.1

   - openSUSE 13.2 (noarch):

      libX11-data-1.6.2-5.6.1
      libxcb-devel-doc-1.11-2.5.1

References:

   https://www.suse.com/security/cve/CVE-2016-7942.html
   https://www.suse.com/security/cve/CVE-2016-7945.html
   https://www.suse.com/security/cve/CVE-2016-7946.html
   https://www.suse.com/security/cve/CVE-2016-7947.html
   https://www.suse.com/security/cve/CVE-2016-7948.html
   https://bugzilla.suse.com/1002991
   https://bugzilla.suse.com/1002998
   https://bugzilla.suse.com/1003000
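
Added example (not part of the advisory and not code from libX11, libXi or libXrandr): the Description names three failure modes when a client trusts lengths and counts sent by its peer, namely integer overflow, out of boundary access and endless loops. The sketch below shows the defensive checks for each on a constructed record layout; `walk_records`, `checked_mul` and the 4-byte record header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR 4u  /* constructed layout: u16 type, u16 length (header included) */

/* Overflow-safe count * elem; returns -1 instead of wrapping. */
static int checked_mul(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Walk the records of an untrusted reply; return how many were parsed,
 * or -1 if the reply is malformed. `claimed` is the peer-supplied count. */
long walk_records(const uint8_t *buf, size_t buflen, uint32_t claimed)
{
    size_t need, off = 0, n = 0;

    /* The claimed count must fit in the bytes actually received. */
    if (checked_mul(claimed, REC_HDR, &need) != 0 || need > buflen)
        return -1;

    while (off < buflen) {
        uint16_t len;

        if (buflen - off < REC_HDR)
            return -1;                 /* header read would run past the end */
        memcpy(&len, buf + off + 2, sizeof len);   /* host byte order */
        if (len < REC_HDR)
            return -1;                 /* cursor would never advance: endless loop */
        if (len > buflen - off)
            return -1;                 /* record extends past the buffer */
        off += len;
        n++;
    }
    return n == claimed ? (long)n : -1;
}

int main(void)
{
    uint8_t reply[8] = {0};            /* constructed: one record, length field 0 */
    printf("zero-length record -> %ld\n", walk_records(reply, sizeof reply, 1));
    return 0;
}
```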