Mailinglist Archive: opensuse-updates (200 mails)

< Previous Next >
openSUSE-SU-2013:1047-1: moderate: update for libX11
openSUSE Security Update: update for libX11
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1047-1
Rating: moderate
References: #815451 #821664
Cross-References: CVE-2013-1981 CVE-2013-1997 CVE-2013-2004

Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update of libX11 fixes several security issues.
-
U_0001-integer-overflow-in-_XQueryFont-on-32-bit-platforms-.
patch,
U_0002-integer-overflow-in-_XF86BigfontQueryFont-CVE-2013-1.
patch,
U_0003-integer-overflow-in-XListFontsWithInfo-CVE-2013-1981.
patch,
U_0004-integer-overflow-in-XGetMotionEvents-CVE-2013-1981-4.
patch,
U_0005-integer-overflow-in-XListHosts-CVE-2013-1981-5-13.pat
ch,
U_0006-Integer-overflows-in-stringSectionSize-cause-buffer-.
patch,
U_0007-integer-overflow-in-ReadInFile-in-Xrm.c-CVE-2013-198.
patch,
U_0008-integer-truncation-in-_XimParseStringFile-CVE-2013-1.
patch,
U_0009-integer-overflows-in-TransFileName-CVE-2013-1981-9-1.
patch,
U_0010-integer-overflow-in-XGetWindowProperty-CVE-2013-1981.
patch,
U_0011-integer-overflow-in-XGetImage-CVE-2013-1981-11-13.pat
ch,
U_0012-integer-overflow-in-XGetPointerMapping-XGetKeyboardM.
patch,
U_0013-integer-overflow-in-XGetModifierMapping-CVE-2013-198.
patch
* integer overflow in various functions, integer
truncation in _XimParseStringFile() [CVE-2013-1981]
(bnc#821664, bnc#815451)
-
U_0001-unvalidated-lengths-in-XAllocColorCells-CVE-2013-199.
patch,
U_0002-unvalidated-index-in-_XkbReadGetDeviceInfoReply-CVE-.
patch,
U_0003-unvalidated-indexes-in-_XkbReadGeomShapes-CVE-2013-1.
patch,
U_0004-unvalidated-indexes-in-_XkbReadGetGeometryReply-CVE-.
patch,
U_0005-unvalidated-index-in-_XkbReadKeySyms-CVE-2013-1997-5.
patch,
U_0006-unvalidated-index-in-_XkbReadKeyActions-CVE-2013-199.
patch,
U_0007-unvalidated-index-in-_XkbReadKeyBehaviors-CVE-2013-1.
patch,
U_0008-unvalidated-index-in-_XkbReadModifierMap-CVE-2013-19.
patch,
U_0009-unvalidated-index-in-_XkbReadExplicitComponents-CVE-.
patch,
U_0010-unvalidated-index-in-_XkbReadVirtualModMap-CVE-2013-.
patch,
U_0011-unvalidated-index-length-in-_XkbReadGetNamesReply-CV.
patch,
U_0012-unvalidated-length-in-_XimXGetReadData-CVE-2013-1997.
patch,
U_0013-Avoid-overflows-in-XListFonts-CVE-2013-1997-13-15.pat
ch,
U_0014-Avoid-overflows-in-XGetFontPath-CVE-2013-1997-14-15.p
atch,
U_0015-Avoid-overflows-in-XListExtensions-CVE-2013-1997-15-.
patch
* unvalidated index/length in various functions; Avoid
overflows in XListFonts(), XGetFontPath(),
XListExtensions() [CVE-2013-1997] (bnc##821664,
bnc#815451)
-
U_0001-Unbounded-recursion-in-GetDatabase-when-parsing-incl.
patch,
U_0002-Unbounded-recursion-in-_XimParseStringFile-when-pars.
patch
* Unbounded recursion in GetDatabase(),
_XimParseStringFile when parsing include files
[CVE-2013-2004] (bnc##821664, bnc#815451)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-516

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-516

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

libX11-6-1.5.0-4.7.1
libX11-6-debuginfo-1.5.0-4.7.1
libX11-debugsource-1.5.0-4.7.1
libX11-devel-1.5.0-4.7.1
libX11-xcb1-1.5.0-4.7.1
libX11-xcb1-debuginfo-1.5.0-4.7.1

- openSUSE 12.3 (x86_64):

libX11-6-32bit-1.5.0-4.7.1
libX11-6-debuginfo-32bit-1.5.0-4.7.1
libX11-devel-32bit-1.5.0-4.7.1
libX11-xcb1-32bit-1.5.0-4.7.1
libX11-xcb1-debuginfo-32bit-1.5.0-4.7.1

- openSUSE 12.3 (noarch):

libX11-data-1.5.0-4.7.1

- openSUSE 12.2 (i586 x86_64):

libX11-6-1.5.0-2.7.1
libX11-6-debuginfo-1.5.0-2.7.1
libX11-debugsource-1.5.0-2.7.1
libX11-devel-1.5.0-2.7.1
libX11-xcb1-1.5.0-2.7.1
libX11-xcb1-debuginfo-1.5.0-2.7.1

- openSUSE 12.2 (x86_64):

libX11-6-32bit-1.5.0-2.7.1
libX11-6-debuginfo-32bit-1.5.0-2.7.1
libX11-devel-32bit-1.5.0-2.7.1
libX11-xcb1-32bit-1.5.0-2.7.1
libX11-xcb1-debuginfo-32bit-1.5.0-2.7.1

- openSUSE 12.2 (noarch):

libX11-data-1.5.0-2.7.1


References:

http://support.novell.com/security/cve/CVE-2013-1981.html
http://support.novell.com/security/cve/CVE-2013-1997.html
http://support.novell.com/security/cve/CVE-2013-2004.html
https://bugzilla.novell.com/815451
https://bugzilla.novell.com/821664


< Previous Next >
This Thread
  • No further messages