Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 529
Alerts This Week
Warning Icon 1 529

Scientific Linux: 2014-1436-2 Moderate: X11 Client Libraries Fixes

Scientific Large Esm H446
Moderate: X11 client libraries security, bug fix, and enhancement update
Date: Mon, 3 Nov 2014 17:55:00 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: X11 client libraries on SL6.x
 i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: X11 client libraries security, bug fix, and enhancement update
Advisory ID: SLSA-2014:1436-2
Issue Date: 2014-10-14
CVE Numbers: CVE-2013-1981
 CVE-2013-1982
 CVE-2013-1983
 CVE-2013-1984
 CVE-2013-1985
 CVE-2013-1986
 CVE-2013-1987
 CVE-2013-1988
 CVE-2013-1989
 CVE-2013-1990
 CVE-2013-1991
 CVE-2013-2003
 CVE-2013-2005
 CVE-2013-2004
 CVE-2013-1997
 CVE-2013-1998
 CVE-2013-1999
 CVE-2013-2000
 CVE-2013-2001
 CVE-2013-2002
 CVE-2013-1995
 CVE-2013-2062
 CVE-2013-2064
 CVE-2013-2066
--

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way various X11 client libraries handled certain
protocol data. An attacker able to submit invalid protocol data to an X11
server via a malicious X11 client could use either of these flaws to
potentially escalate their privileges on the system. (CVE-2013-1981,
CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986,
CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991,
CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds
write flaws, were found in the way various X11 client libraries handled
data returned from an X11 server. A malicious X11 server could possibly
use this flaw to execute arbitrary code with the privileges of the user
running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999,
CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers. A
malicious X11 server could possibly use this flaw to execute arbitrary
code with the privileges of the user running an X11 client.
(CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this
flaw to execute arbitrary code with the privileges of the user running an
X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the
Core X11 protocol client library, processed certain user-specified files.
A malicious X11 server could possibly use this flaw to crash an X11 client
via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11,
which provides a number of bug fixes and enhancements over the previous
version.

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11
package, although it was listed as a dependency of mesa-libGL. This bug
has been fixed and updating mesa-libGL now updates all dependent packages
as expected.

* Previously, closing a customer application could occasionally cause the
X Server to terminate unexpectedly. After this update, the X Server no
longer hangs when a user closes a customer application.
--

SL6
 x86_64
 libX11-1.6.0-2.2.el6.i686.rpm
 libX11-1.6.0-2.2.el6.x86_64.rpm
 libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
 libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm
 libXcursor-1.1.14-2.1.el6.i686.rpm
 libXcursor-1.1.14-2.1.el6.x86_64.rpm
 libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
 libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm
 libXext-1.3.2-2.1.el6.i686.rpm
 libXext-1.3.2-2.1.el6.x86_64.rpm
 libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
 libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm
 libXfixes-5.0.1-2.1.el6.i686.rpm
 libXfixes-5.0.1-2.1.el6.x86_64.rpm
 libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
 libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm
 libXi-1.7.2-2.2.el6.i686.rpm
 libXi-1.7.2-2.2.el6.x86_64.rpm
 libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
 libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm
 libXinerama-1.1.3-2.1.el6.i686.rpm
 libXinerama-1.1.3-2.1.el6.x86_64.rpm
 libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
 libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm
 libXp-1.0.2-2.1.el6.i686.rpm
 libXp-1.0.2-2.1.el6.x86_64.rpm
 libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
 libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm
 libXrandr-1.4.1-2.1.el6.i686.rpm
 libXrandr-1.4.1-2.1.el6.x86_64.rpm
 libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
 libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm
 libXrender-0.9.8-2.1.el6.i686.rpm
 libXrender-0.9.8-2.1.el6.x86_64.rpm
 libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
 libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm
 libXres-1.0.7-2.1.el6.i686.rpm
 libXres-1.0.7-2.1.el6.x86_64.rpm
 libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
 libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm
 libXt-1.1.4-6.1.el6.i686.rpm
 libXt-1.1.4-6.1.el6.x86_64.rpm
 libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
 libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm
 libXtst-1.2.2-2.1.el6.i686.rpm
 libXtst-1.2.2-2.1.el6.x86_64.rpm
 libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
 libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm
 libXv-1.0.9-2.1.el6.i686.rpm
 libXv-1.0.9-2.1.el6.x86_64.rpm
 libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
 libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm
 libXvMC-1.0.8-2.1.el6.i686.rpm
 libXvMC-1.0.8-2.1.el6.x86_64.rpm
 libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
 libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm
 libXxf86dga-1.1.4-2.1.el6.x86_64.rpm
 libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm
 libXxf86vm-1.1.3-2.1.el6.i686.rpm
 libXxf86vm-1.1.3-2.1.el6.x86_64.rpm
 libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
 libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm
 libdmx-1.1.3-3.el6.x86_64.rpm
 libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm
 libxcb-1.9.1-2.el6.i686.rpm
 libxcb-1.9.1-2.el6.x86_64.rpm
 libxcb-debuginfo-1.9.1-2.el6.i686.rpm
 libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm
 libX11-devel-1.6.0-2.2.el6.i686.rpm
 libX11-devel-1.6.0-2.2.el6.x86_64.rpm
 libXcursor-devel-1.1.14-2.1.el6.i686.rpm
 libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm
 libXext-devel-1.3.2-2.1.el6.i686.rpm
 libXext-devel-1.3.2-2.1.el6.x86_64.rpm
 libXfixes-devel-5.0.1-2.1.el6.i686.rpm
 libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm
 libXi-devel-1.7.2-2.2.el6.i686.rpm
 libXi-devel-1.7.2-2.2.el6.x86_64.rpm
 libXinerama-devel-1.1.3-2.1.el6.i686.rpm
 libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm
 libXp-devel-1.0.2-2.1.el6.i686.rpm
 libXp-devel-1.0.2-2.1.el6.x86_64.rpm
 libXrandr-devel-1.4.1-2.1.el6.i686.rpm
 libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm
 libXrender-devel-0.9.8-2.1.el6.i686.rpm
 libXrender-devel-0.9.8-2.1.el6.x86_64.rpm
 libXres-devel-1.0.7-2.1.el6.i686.rpm
 libXres-devel-1.0.7-2.1.el6.x86_64.rpm
 libXt-devel-1.1.4-6.1.el6.i686.rpm
 libXt-devel-1.1.4-6.1.el6.x86_64.rpm
 libXtst-devel-1.2.2-2.1.el6.i686.rpm
 libXtst-devel-1.2.2-2.1.el6.x86_64.rpm
 libXv-devel-1.0.9-2.1.el6.i686.rpm
 libXv-devel-1.0.9-2.1.el6.x86_64.rpm
 libXvMC-devel-1.0.8-2.1.el6.i686.rpm
 libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm
 libXxf86dga-1.1.4-2.1.el6.i686.rpm
 libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
 libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
 libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm
 libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
 libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm
 libdmx-1.1.3-3.el6.i686.rpm
 libdmx-debuginfo-1.1.3-3.el6.i686.rpm
 libdmx-devel-1.1.3-3.el6.i686.rpm
 libdmx-devel-1.1.3-3.el6.x86_64.rpm
 libxcb-devel-1.9.1-2.el6.i686.rpm
 libxcb-devel-1.9.1-2.el6.x86_64.rpm
 libxcb-python-1.9.1-2.el6.x86_64.rpm
 i386
 libX11-1.6.0-2.2.el6.i686.rpm
 libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
 libXcursor-1.1.14-2.1.el6.i686.rpm
 libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
 libXext-1.3.2-2.1.el6.i686.rpm
 libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
 libXfixes-5.0.1-2.1.el6.i686.rpm
 libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
 libXi-1.7.2-2.2.el6.i686.rpm
 libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
 libXinerama-1.1.3-2.1.el6.i686.rpm
 libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
 libXp-1.0.2-2.1.el6.i686.rpm
 libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
 libXrandr-1.4.1-2.1.el6.i686.rpm
 libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
 libXrender-0.9.8-2.1.el6.i686.rpm
 libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
 libXres-1.0.7-2.1.el6.i686.rpm
 libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
 libXt-1.1.4-6.1.el6.i686.rpm
 libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
 libXtst-1.2.2-2.1.el6.i686.rpm
 libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
 libXv-1.0.9-2.1.el6.i686.rpm
 libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
 libXvMC-1.0.8-2.1.el6.i686.rpm
 libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
 libXxf86dga-1.1.4-2.1.el6.i686.rpm
 libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
 libXxf86vm-1.1.3-2.1.el6.i686.rpm
 libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
 libdmx-1.1.3-3.el6.i686.rpm
 libdmx-debuginfo-1.1.3-3.el6.i686.rpm
 libxcb-1.9.1-2.el6.i686.rpm
 libxcb-debuginfo-1.9.1-2.el6.i686.rpm
 libX11-devel-1.6.0-2.2.el6.i686.rpm
 libXcursor-devel-1.1.14-2.1.el6.i686.rpm
 libXext-devel-1.3.2-2.1.el6.i686.rpm
 libXfixes-devel-5.0.1-2.1.el6.i686.rpm
 libXi-devel-1.7.2-2.2.el6.i686.rpm
 libXinerama-devel-1.1.3-2.1.el6.i686.rpm
 libXp-devel-1.0.2-2.1.el6.i686.rpm
 libXrandr-devel-1.4.1-2.1.el6.i686.rpm
 libXrender-devel-0.9.8-2.1.el6.i686.rpm
 libXres-devel-1.0.7-2.1.el6.i686.rpm
 libXt-devel-1.1.4-6.1.el6.i686.rpm
 libXtst-devel-1.2.2-2.1.el6.i686.rpm
 libXv-devel-1.0.9-2.1.el6.i686.rpm
 libXvMC-devel-1.0.8-2.1.el6.i686.rpm
 libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
 libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
 libdmx-devel-1.1.3-3.el6.i686.rpm
 libxcb-devel-1.9.1-2.el6.i686.rpm
 libxcb-python-1.9.1-2.el6.i686.rpm
 noarch
 libX11-common-1.6.0-2.2.el6.noarch.rpm
 xkeyboard-config-2.11-1.el6.noarch.rpm
 libxcb-doc-1.9.1-2.el6.noarch.rpm
 xcb-proto-1.8-3.el6.noarch.rpm
 xkeyboard-config-devel-2.11-1.el6.noarch.rpm
 xorg-x11-proto-devel-7.7-9.el6.noarch.rpm
 xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm

- Scientific Linux Development Team