MGASA-2018-0364 - Updated libxcursor packages fix security vulnerability

Publication date: 31 Aug 2018
URL: https://advisories.mageia.org/MGASA-2018-0364.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2015-9262

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. (CVE-2015-9262)

References:
- https://bugs.mageia.org/show_bug.cgi?id=23478
- https://www.openwall.com/lists/oss-security/2018/08/22/6
- https://ubuntu.com/security/notices/USN-3729-1
- https://www.cve.org/CVERecord?id=CVE-2015-9262

SRPMS:
- 6/core/libxcursor-1.1.14-6.2.mga6

LinuxSecurity.com Team
Package : libxcursor
Version : 1:1.1.14-1+deb8u2
CVE ID : CVE-2015-9262
Debian Bug : #906012

It was discovered that there was a denial of service (or potentially code execution) vulnerability in libxcursor, a library designed to help locate and load cursors for the X Window System.

For Debian 8 "Jessie", this issue has been fixed in libxcursor version 1:1.1.14-1+deb8u2.

We recommend that you upgrade your libxcursor packages.

Regards,
Chris Lamb
==========================================================================
Ubuntu Security Notice USN-3729-1
August 06, 2018

libxcursor vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:
libxcursor could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- libxcursor: X11 cursor management library

Details:
It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libxcursor1 1:1.1.14-1ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  libxcursor1 1:1.1.14-1ubuntu0.14.04.2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3729-1
  CVE-2015-9262

Package Information:
  https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.14-1ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.14-1ubuntu0.14.04.2

Severity: Critical

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-0eed1be1c0
2018-03-06 17:26:39.512057
--------------------------------------------------------------------------------

Name        : libXcursor
Product     : Fedora 26
Version     : 1.1.15
Release     : 1.fc26
URL         : https://www.x.org/wiki/
Summary     : Cursor management library
Description :
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names. Cursors can exist in several sizes and the library automatically picks the best size.

--------------------------------------------------------------------------------
Update Information:

libXcursor 1.1.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1518479 - CVE-2017-16612 libXcursor: file.c: heap-based buffer overflow when reading/creating images [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1518479
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
  su -c 'dnf upgrade libXcursor'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Package : libxcursor
Version : 1:1.1.13-1+deb7u2
CVE ID : CVE-2017-16612
Debian Bug : 883792

It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

For Debian 7 "Wheezy", these problems have been fixed in version 1:1.1.13-1+deb7u2.

We recommend that you upgrade your libxcursor packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Important

LinuxSecurity.com Team
Debian Security Advisory DSA-4059-1

It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.
Arch Linux Security Advisory ASA-201711-41
==========================================

Severity: High
Date    : 2017-11-30
CVE-ID  : CVE-2017-16612
Package : libxcursor
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-531

Summary
=======

The package libxcursor before version 1.1.15-1 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 1.1.15-1.

# pacman -Syu "libxcursor>=1.1.15-1"

The problem has been fixed upstream in version 1.1.15.

Workaround
==========

None.

Description
===========

It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

Impact
======

An attacker could use local privileges or trick a user into parsing a malicious image file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

References
==========

https://www.openwall.com/lists/oss-security/2017/11/28/6
https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
https://security.archlinux.org/CVE-2017-16612

LinuxSecurity.com Team
==========================================================================
Ubuntu Security Notice USN-1856-1
June 05, 2013

libxcursor vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:
Several security issues were fixed in libxcursor.

Software Description:
- libxcursor: X cursor management library

Details:
Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04:
  libxcursor1 1:1.1.13-1ubuntu0.13.04.1

Ubuntu 12.10:
  libxcursor1 1:1.1.13-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
  libxcursor1 1:1.1.12-1ubuntu0.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1856-1
  CVE-2013-2003

Package Information:
  https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.13-1ubuntu0.13.04.1
  https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.13-1ubuntu0.12.10.1
  https://launchpad.net/ubuntu/+source/libxcursor/1:1.1.12-1ubuntu0.1

Severity: Critical

LinuxSecurity.com Team