Date: Mon, 3 Nov 2014 17:55:00 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: X11 client libraries on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Moderate: X11 client libraries security, bug fix, and enhancement update
Advisory ID:       SLSA-2014:1436-2
Issue Date:        2014-10-14
CVE Numbers:       CVE-2013-1981 CVE-2013-1982 CVE-2013-1983 CVE-2013-1984
                   CVE-2013-1985 CVE-2013-1986 CVE-2013-1987 CVE-2013-1988
                   CVE-2013-1989 CVE-2013-1990 CVE-2013-1991 CVE-2013-2003
                   CVE-2013-2005 CVE-2013-2004 CVE-2013-1997 CVE-2013-1998
                   CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2002
                   CVE-2013-1995 CVE-2013-2062 CVE-2013-2064 CVE-2013-2066
--

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use any of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected.

* Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application.
--

SL6
  x86_64
    libX11-1.6.0-2.2.el6.i686.rpm
    libX11-1.6.0-2.2.el6.x86_64.rpm
    libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
    libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm
    libXcursor-1.1.14-2.1.el6.i686.rpm
    libXcursor-1.1.14-2.1.el6.x86_64.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm
    libXext-1.3.2-2.1.el6.i686.rpm
    libXext-1.3.2-2.1.el6.x86_64.rpm
    libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
    libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm
    libXfixes-5.0.1-2.1.el6.i686.rpm
    libXfixes-5.0.1-2.1.el6.x86_64.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm
    libXi-1.7.2-2.2.el6.i686.rpm
    libXi-1.7.2-2.2.el6.x86_64.rpm
    libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
    libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm
    libXinerama-1.1.3-2.1.el6.i686.rpm
    libXinerama-1.1.3-2.1.el6.x86_64.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm
    libXp-1.0.2-2.1.el6.i686.rpm
    libXp-1.0.2-2.1.el6.x86_64.rpm
    libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
    libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm
    libXrandr-1.4.1-2.1.el6.i686.rpm
    libXrandr-1.4.1-2.1.el6.x86_64.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm
    libXrender-0.9.8-2.1.el6.i686.rpm
    libXrender-0.9.8-2.1.el6.x86_64.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm
    libXres-1.0.7-2.1.el6.i686.rpm
    libXres-1.0.7-2.1.el6.x86_64.rpm
    libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
    libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm
    libXt-1.1.4-6.1.el6.i686.rpm
    libXt-1.1.4-6.1.el6.x86_64.rpm
    libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
    libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm
    libXtst-1.2.2-2.1.el6.i686.rpm
    libXtst-1.2.2-2.1.el6.x86_64.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm
    libXv-1.0.9-2.1.el6.i686.rpm
    libXv-1.0.9-2.1.el6.x86_64.rpm
    libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
    libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm
    libXvMC-1.0.8-2.1.el6.i686.rpm
    libXvMC-1.0.8-2.1.el6.x86_64.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm
    libXxf86dga-1.1.4-2.1.el6.x86_64.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm
    libXxf86vm-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-1.1.3-2.1.el6.x86_64.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm
    libdmx-1.1.3-3.el6.x86_64.rpm
    libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm
    libxcb-1.9.1-2.el6.i686.rpm
    libxcb-1.9.1-2.el6.x86_64.rpm
    libxcb-debuginfo-1.9.1-2.el6.i686.rpm
    libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm
    libX11-devel-1.6.0-2.2.el6.i686.rpm
    libX11-devel-1.6.0-2.2.el6.x86_64.rpm
    libXcursor-devel-1.1.14-2.1.el6.i686.rpm
    libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm
    libXext-devel-1.3.2-2.1.el6.i686.rpm
    libXext-devel-1.3.2-2.1.el6.x86_64.rpm
    libXfixes-devel-5.0.1-2.1.el6.i686.rpm
    libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm
    libXi-devel-1.7.2-2.2.el6.i686.rpm
    libXi-devel-1.7.2-2.2.el6.x86_64.rpm
    libXinerama-devel-1.1.3-2.1.el6.i686.rpm
    libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm
    libXp-devel-1.0.2-2.1.el6.i686.rpm
    libXp-devel-1.0.2-2.1.el6.x86_64.rpm
    libXrandr-devel-1.4.1-2.1.el6.i686.rpm
    libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm
    libXrender-devel-0.9.8-2.1.el6.i686.rpm
    libXrender-devel-0.9.8-2.1.el6.x86_64.rpm
    libXres-devel-1.0.7-2.1.el6.i686.rpm
    libXres-devel-1.0.7-2.1.el6.x86_64.rpm
    libXt-devel-1.1.4-6.1.el6.i686.rpm
    libXt-devel-1.1.4-6.1.el6.x86_64.rpm
    libXtst-devel-1.2.2-2.1.el6.i686.rpm
    libXtst-devel-1.2.2-2.1.el6.x86_64.rpm
    libXv-devel-1.0.9-2.1.el6.i686.rpm
    libXv-devel-1.0.9-2.1.el6.x86_64.rpm
    libXvMC-devel-1.0.8-2.1.el6.i686.rpm
    libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm
    libXxf86dga-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm
    libdmx-1.1.3-3.el6.i686.rpm
    libdmx-debuginfo-1.1.3-3.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.x86_64.rpm
    libxcb-devel-1.9.1-2.el6.i686.rpm
    libxcb-devel-1.9.1-2.el6.x86_64.rpm
    libxcb-python-1.9.1-2.el6.x86_64.rpm
  i386
    libX11-1.6.0-2.2.el6.i686.rpm
    libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
    libXcursor-1.1.14-2.1.el6.i686.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
    libXext-1.3.2-2.1.el6.i686.rpm
    libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
    libXfixes-5.0.1-2.1.el6.i686.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
    libXi-1.7.2-2.2.el6.i686.rpm
    libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
    libXinerama-1.1.3-2.1.el6.i686.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXp-1.0.2-2.1.el6.i686.rpm
    libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
    libXrandr-1.4.1-2.1.el6.i686.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
    libXrender-0.9.8-2.1.el6.i686.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
    libXres-1.0.7-2.1.el6.i686.rpm
    libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
    libXt-1.1.4-6.1.el6.i686.rpm
    libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
    libXtst-1.2.2-2.1.el6.i686.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
    libXv-1.0.9-2.1.el6.i686.rpm
    libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
    libXvMC-1.0.8-2.1.el6.i686.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
    libXxf86dga-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
    libXxf86vm-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
    libdmx-1.1.3-3.el6.i686.rpm
    libdmx-debuginfo-1.1.3-3.el6.i686.rpm
    libxcb-1.9.1-2.el6.i686.rpm
    libxcb-debuginfo-1.9.1-2.el6.i686.rpm
    libX11-devel-1.6.0-2.2.el6.i686.rpm
    libXcursor-devel-1.1.14-2.1.el6.i686.rpm
    libXext-devel-1.3.2-2.1.el6.i686.rpm
    libXfixes-devel-5.0.1-2.1.el6.i686.rpm
    libXi-devel-1.7.2-2.2.el6.i686.rpm
    libXinerama-devel-1.1.3-2.1.el6.i686.rpm
    libXp-devel-1.0.2-2.1.el6.i686.rpm
    libXrandr-devel-1.4.1-2.1.el6.i686.rpm
    libXrender-devel-0.9.8-2.1.el6.i686.rpm
    libXres-devel-1.0.7-2.1.el6.i686.rpm
    libXt-devel-1.1.4-6.1.el6.i686.rpm
    libXtst-devel-1.2.2-2.1.el6.i686.rpm
    libXv-devel-1.0.9-2.1.el6.i686.rpm
    libXvMC-devel-1.0.8-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.i686.rpm
    libxcb-devel-1.9.1-2.el6.i686.rpm
    libxcb-python-1.9.1-2.el6.i686.rpm
  noarch
    libX11-common-1.6.0-2.2.el6.noarch.rpm
    xkeyboard-config-2.11-1.el6.noarch.rpm
    libxcb-doc-1.9.1-2.el6.noarch.rpm
    xcb-proto-1.8-3.el6.noarch.rpm
    xkeyboard-config-devel-2.11-1.el6.noarch.rpm
    xorg-x11-proto-devel-7.7-9.el6.noarch.rpm
    xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm

- Scientific Linux Development Team
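
The integer overflow and signed-number flaw classes named in the advisory above share one shape: a count taken from the peer is multiplied into an allocation size without validation. The following is an added illustration of that pattern beside a checked form; it is not code from libX11, libXi or the errata, and `item_t`, `unchecked_alloc_size` and `checked_alloc_size` are hypothetical names with constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-byte record standing in for one item of a server reply. */
typedef struct { uint32_t id; uint32_t kind; uint8_t name[24]; } item_t;
_Static_assert(sizeof(item_t) == 32, "example assumes a 32-byte record");

/* Unchecked pattern: the 32-bit product wraps, so a huge count yields a
 * small allocation size that later per-item writes would run past. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(item_t);
}

/* Checked pattern: reject negative counts, products that cannot be
 * represented, and counts claiming more data than the reply carried.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int checked_alloc_size(int32_t count, size_t reply_bytes, size_t *out)
{
    if (count < 0)
        return -1;                      /* signed value used as a length */
    if ((size_t)count > SIZE_MAX / sizeof(item_t))
        return -1;                      /* multiplication would overflow */
    size_t need = (size_t)count * sizeof(item_t);
    if (need > reply_bytes)
        return -1;                      /* count exceeds received data */
    *out = need;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int32_t hostile = 0x08000001;       /* constructed count: 2^27 + 1 items */

    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_alloc_size((uint32_t)hostile));
    printf("checked, hostile count: %d\n", checked_alloc_size(hostile, 128, &n));
    printf("checked, negative count: %d\n", checked_alloc_size(-1, 128, &n));
    printf("checked, 4 items in 128 bytes: %d\n", checked_alloc_size(4, 128, &n));
    return 0;
}
```
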