SCIENTIFIC-LINUX-ERRATA Archives

November 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To:
Date: Mon, 3 Nov 2014 17:55:00 +0000
Content-Type: text/plain
Parts/Attachments: text/plain (255 lines)

Synopsis:          Moderate: X11 client libraries security, bug fix, and enhancement update
Advisory ID:       SLSA-2014:1436-2
Issue Date:        2014-10-14
CVE Numbers:       CVE-2013-1981
                   CVE-2013-1982
                   CVE-2013-1983
                   CVE-2013-1984
                   CVE-2013-1985
                   CVE-2013-1986
                   CVE-2013-1987
                   CVE-2013-1988
                   CVE-2013-1989
                   CVE-2013-1990
                   CVE-2013-1991
                   CVE-2013-2003
                   CVE-2013-2005
                   CVE-2013-2004
                   CVE-2013-1997
                   CVE-2013-1998
                   CVE-2013-1999
                   CVE-2013-2000
                   CVE-2013-2001
                   CVE-2013-2002
                   CVE-2013-1995
                   CVE-2013-2062
                   CVE-2013-2064
                   CVE-2013-2066
--

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way various X11 client libraries handled certain
protocol data. An attacker able to submit invalid protocol data to an X11
server via a malicious X11 client could use any of these flaws to
potentially escalate their privileges on the system. (CVE-2013-1981,
CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986,
CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991,
CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds
write flaws, were found in the way various X11 client libraries handled
data returned from an X11 server. A malicious X11 server could possibly
use this flaw to execute arbitrary code with the privileges of the user
running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999,
CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers. A
malicious X11 server could possibly use this flaw to execute arbitrary
code with the privileges of the user running an X11 client.
(CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this
flaw to execute arbitrary code with the privileges of the user running an
X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the
Core X11 protocol client library, processed certain user-specified files.
A malicious X11 server could possibly use these flaws to crash an X11 client
via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11,
which provides a number of bug fixes and enhancements over the previous
version.

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11
package, although it was listed as a dependency of mesa-libGL. This bug
has been fixed and updating mesa-libGL now updates all dependent packages
as expected.

* Previously, closing a customer application could occasionally cause the
X Server to terminate unexpectedly. After this update, the X Server no
longer hangs when a user closes a customer application.
--

SL6
  x86_64
    libX11-1.6.0-2.2.el6.i686.rpm
    libX11-1.6.0-2.2.el6.x86_64.rpm
    libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
    libX11-debuginfo-1.6.0-2.2.el6.x86_64.rpm
    libXcursor-1.1.14-2.1.el6.i686.rpm
    libXcursor-1.1.14-2.1.el6.x86_64.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.x86_64.rpm
    libXext-1.3.2-2.1.el6.i686.rpm
    libXext-1.3.2-2.1.el6.x86_64.rpm
    libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
    libXext-debuginfo-1.3.2-2.1.el6.x86_64.rpm
    libXfixes-5.0.1-2.1.el6.i686.rpm
    libXfixes-5.0.1-2.1.el6.x86_64.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.x86_64.rpm
    libXi-1.7.2-2.2.el6.i686.rpm
    libXi-1.7.2-2.2.el6.x86_64.rpm
    libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
    libXi-debuginfo-1.7.2-2.2.el6.x86_64.rpm
    libXinerama-1.1.3-2.1.el6.i686.rpm
    libXinerama-1.1.3-2.1.el6.x86_64.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.x86_64.rpm
    libXp-1.0.2-2.1.el6.i686.rpm
    libXp-1.0.2-2.1.el6.x86_64.rpm
    libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
    libXp-debuginfo-1.0.2-2.1.el6.x86_64.rpm
    libXrandr-1.4.1-2.1.el6.i686.rpm
    libXrandr-1.4.1-2.1.el6.x86_64.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.x86_64.rpm
    libXrender-0.9.8-2.1.el6.i686.rpm
    libXrender-0.9.8-2.1.el6.x86_64.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.x86_64.rpm
    libXres-1.0.7-2.1.el6.i686.rpm
    libXres-1.0.7-2.1.el6.x86_64.rpm
    libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
    libXres-debuginfo-1.0.7-2.1.el6.x86_64.rpm
    libXt-1.1.4-6.1.el6.i686.rpm
    libXt-1.1.4-6.1.el6.x86_64.rpm
    libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
    libXt-debuginfo-1.1.4-6.1.el6.x86_64.rpm
    libXtst-1.2.2-2.1.el6.i686.rpm
    libXtst-1.2.2-2.1.el6.x86_64.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.x86_64.rpm
    libXv-1.0.9-2.1.el6.i686.rpm
    libXv-1.0.9-2.1.el6.x86_64.rpm
    libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
    libXv-debuginfo-1.0.9-2.1.el6.x86_64.rpm
    libXvMC-1.0.8-2.1.el6.i686.rpm
    libXvMC-1.0.8-2.1.el6.x86_64.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.x86_64.rpm
    libXxf86dga-1.1.4-2.1.el6.x86_64.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.x86_64.rpm
    libXxf86vm-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-1.1.3-2.1.el6.x86_64.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.x86_64.rpm
    libdmx-1.1.3-3.el6.x86_64.rpm
    libdmx-debuginfo-1.1.3-3.el6.x86_64.rpm
    libxcb-1.9.1-2.el6.i686.rpm
    libxcb-1.9.1-2.el6.x86_64.rpm
    libxcb-debuginfo-1.9.1-2.el6.i686.rpm
    libxcb-debuginfo-1.9.1-2.el6.x86_64.rpm
    libX11-devel-1.6.0-2.2.el6.i686.rpm
    libX11-devel-1.6.0-2.2.el6.x86_64.rpm
    libXcursor-devel-1.1.14-2.1.el6.i686.rpm
    libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm
    libXext-devel-1.3.2-2.1.el6.i686.rpm
    libXext-devel-1.3.2-2.1.el6.x86_64.rpm
    libXfixes-devel-5.0.1-2.1.el6.i686.rpm
    libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm
    libXi-devel-1.7.2-2.2.el6.i686.rpm
    libXi-devel-1.7.2-2.2.el6.x86_64.rpm
    libXinerama-devel-1.1.3-2.1.el6.i686.rpm
    libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm
    libXp-devel-1.0.2-2.1.el6.i686.rpm
    libXp-devel-1.0.2-2.1.el6.x86_64.rpm
    libXrandr-devel-1.4.1-2.1.el6.i686.rpm
    libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm
    libXrender-devel-0.9.8-2.1.el6.i686.rpm
    libXrender-devel-0.9.8-2.1.el6.x86_64.rpm
    libXres-devel-1.0.7-2.1.el6.i686.rpm
    libXres-devel-1.0.7-2.1.el6.x86_64.rpm
    libXt-devel-1.1.4-6.1.el6.i686.rpm
    libXt-devel-1.1.4-6.1.el6.x86_64.rpm
    libXtst-devel-1.2.2-2.1.el6.i686.rpm
    libXtst-devel-1.2.2-2.1.el6.x86_64.rpm
    libXv-devel-1.0.9-2.1.el6.i686.rpm
    libXv-devel-1.0.9-2.1.el6.x86_64.rpm
    libXvMC-devel-1.0.8-2.1.el6.i686.rpm
    libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm
    libXxf86dga-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm
    libdmx-1.1.3-3.el6.i686.rpm
    libdmx-debuginfo-1.1.3-3.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.x86_64.rpm
    libxcb-devel-1.9.1-2.el6.i686.rpm
    libxcb-devel-1.9.1-2.el6.x86_64.rpm
    libxcb-python-1.9.1-2.el6.x86_64.rpm
  i386
    libX11-1.6.0-2.2.el6.i686.rpm
    libX11-debuginfo-1.6.0-2.2.el6.i686.rpm
    libXcursor-1.1.14-2.1.el6.i686.rpm
    libXcursor-debuginfo-1.1.14-2.1.el6.i686.rpm
    libXext-1.3.2-2.1.el6.i686.rpm
    libXext-debuginfo-1.3.2-2.1.el6.i686.rpm
    libXfixes-5.0.1-2.1.el6.i686.rpm
    libXfixes-debuginfo-5.0.1-2.1.el6.i686.rpm
    libXi-1.7.2-2.2.el6.i686.rpm
    libXi-debuginfo-1.7.2-2.2.el6.i686.rpm
    libXinerama-1.1.3-2.1.el6.i686.rpm
    libXinerama-debuginfo-1.1.3-2.1.el6.i686.rpm
    libXp-1.0.2-2.1.el6.i686.rpm
    libXp-debuginfo-1.0.2-2.1.el6.i686.rpm
    libXrandr-1.4.1-2.1.el6.i686.rpm
    libXrandr-debuginfo-1.4.1-2.1.el6.i686.rpm
    libXrender-0.9.8-2.1.el6.i686.rpm
    libXrender-debuginfo-0.9.8-2.1.el6.i686.rpm
    libXres-1.0.7-2.1.el6.i686.rpm
    libXres-debuginfo-1.0.7-2.1.el6.i686.rpm
    libXt-1.1.4-6.1.el6.i686.rpm
    libXt-debuginfo-1.1.4-6.1.el6.i686.rpm
    libXtst-1.2.2-2.1.el6.i686.rpm
    libXtst-debuginfo-1.2.2-2.1.el6.i686.rpm
    libXv-1.0.9-2.1.el6.i686.rpm
    libXv-debuginfo-1.0.9-2.1.el6.i686.rpm
    libXvMC-1.0.8-2.1.el6.i686.rpm
    libXvMC-debuginfo-1.0.8-2.1.el6.i686.rpm
    libXxf86dga-1.1.4-2.1.el6.i686.rpm
    libXxf86dga-debuginfo-1.1.4-2.1.el6.i686.rpm
    libXxf86vm-1.1.3-2.1.el6.i686.rpm
    libXxf86vm-debuginfo-1.1.3-2.1.el6.i686.rpm
    libdmx-1.1.3-3.el6.i686.rpm
    libdmx-debuginfo-1.1.3-3.el6.i686.rpm
    libxcb-1.9.1-2.el6.i686.rpm
    libxcb-debuginfo-1.9.1-2.el6.i686.rpm
    libX11-devel-1.6.0-2.2.el6.i686.rpm
    libXcursor-devel-1.1.14-2.1.el6.i686.rpm
    libXext-devel-1.3.2-2.1.el6.i686.rpm
    libXfixes-devel-5.0.1-2.1.el6.i686.rpm
    libXi-devel-1.7.2-2.2.el6.i686.rpm
    libXinerama-devel-1.1.3-2.1.el6.i686.rpm
    libXp-devel-1.0.2-2.1.el6.i686.rpm
    libXrandr-devel-1.4.1-2.1.el6.i686.rpm
    libXrender-devel-0.9.8-2.1.el6.i686.rpm
    libXres-devel-1.0.7-2.1.el6.i686.rpm
    libXt-devel-1.1.4-6.1.el6.i686.rpm
    libXtst-devel-1.2.2-2.1.el6.i686.rpm
    libXv-devel-1.0.9-2.1.el6.i686.rpm
    libXvMC-devel-1.0.8-2.1.el6.i686.rpm
    libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
    libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
    libdmx-devel-1.1.3-3.el6.i686.rpm
    libxcb-devel-1.9.1-2.el6.i686.rpm
    libxcb-python-1.9.1-2.el6.i686.rpm
  noarch
    libX11-common-1.6.0-2.2.el6.noarch.rpm
    xkeyboard-config-2.11-1.el6.noarch.rpm
    libxcb-doc-1.9.1-2.el6.noarch.rpm
    xcb-proto-1.8-3.el6.noarch.rpm
    xkeyboard-config-devel-2.11-1.el6.noarch.rpm
    xorg-x11-proto-devel-7.7-9.el6.noarch.rpm
    xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm

- Scientific Linux Development Team
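
One way to check a host against the fixed builds listed above, as an added example that is not part of the original advisory. It uses a subset of the advisory's SL6 package list, a simplified RPM version comparison (assumption: no epoch, tilde or caret in the versions), and constructed sample `rpm -qa` output.

```python
import re

# Fixed builds copied from the advisory's SL6 list (subset; extend as needed).
FIXED = """
libX11-1.6.0-2.2.el6.x86_64.rpm
libXi-1.7.2-2.2.el6.x86_64.rpm
libxcb-1.9.1-2.el6.x86_64.rpm
xkeyboard-config-2.11-1.el6.noarch.rpm
"""

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = """
libX11-1.5.0-4.el6.x86_64
libXi-1.7.2-2.2.el6.x86_64
libxcb-1.8.1-1.el6.x86_64
xkeyboard-config-2.11-1.el6.noarch
gpg-pubkey-00000000-00000000
"""

def parse_nvr(s):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release)."""
    s = s[:-4] if s.endswith(".rpm") else s
    nvr, _arch = s.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch, tilde or caret in use)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(installed_text, fixed_text=FIXED):
    """Return (installed, fixed) pairs for packages older than the fixed build."""
    fixed = {n: (v, r) for n, v, r in map(parse_nvr, fixed_text.split())}
    hits = []
    for line in installed_text.split():
        try:
            name, ver, rel = parse_nvr(line)
        except ValueError:
            continue  # e.g. gpg-pubkey entries carry no arch suffix
        want = fixed.get(name)
        if want and (vercmp(ver, want[0]) or vercmp(rel, want[1])) < 0:
            hits.append((line, "%s-%s-%s" % ((name,) + want)))
    return hits
```

On a real host, pass the captured output of `rpm -qa` to `outdated()` in place of `SAMPLE`; an empty result means every listed package is at or above the fixed build.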
