Security update for xorg-x11-libs
SUSE Security Update: Security update for xorg-x11-libs
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
xorg-x11-libs, fixing security issues and some bugs.
These issues require connection to a malicious X server to trigger the
bugs in client libraries.
Security issues fixed:
* CVE-2013-1984: Multiple integer overflows in X.org libXi allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XGetDeviceControl, (2)
XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4)
XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7)
XGetDeviceProperties, and (8) XListInputDevices functions.
* CVE-2013-1985: Integer overflow in X.org libXinerama allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the XineramaQueryScreens function.
* CVE-2013-1986: Multiple integer overflows in X.org libXrandr allowed
X servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XRRQueryOutputProperty and
(2) XRRQueryProviderProperty functions.
* CVE-2013-1988: Multiple integer overflows in X.org libXRes allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XResQueryClients and (2)
XResQueryClientResources functions.
* CVE-2013-1990: Multiple integer overflows in X.org libXvMC allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XvMCListSurfaceTypes and (2)
XvMCListSubpictureTypes functions.
* CVE-2013-1991: Multiple integer overflows in X.org libXxf86dga
allowed X servers to trigger allocation of insufficient memory and a
buffer overflow via vectors related to the (1) XDGAQueryModes and
(2) XDGASetMode functions.
* CVE-2013-1992: Multiple integer overflows in X.org libdmx allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) DMXGetScreenAttributes, (2)
DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
* CVE-2013-1995: X.org libXi allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the XListInputDevices function.
* CVE-2013-1996: X.org libFS allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the FSOpenServer function.
* CVE-2013-1998: Multiple buffer overflows in X.org libXi allowed X
servers to cause a denial of service (crash) and possibly execute
arbitrary code via crafted length or index values to the (1)
XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3)
XQueryDeviceState functions.
* CVE-2013-1999: Buffer overflow in X.org libXvMC allowed X servers to
cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the XvMCGetDRInfo
function.
* CVE-2013-2000: Multiple buffer overflows in X.org libXxf86dga
allowed X servers to cause a denial of service (crash) and possibly
execute arbitrary code via crafted length or index values to the (1)
XDGAQueryModes and (2) XDGASetMode functions.
* CVE-2013-2001: Buffer overflow in X.org libXxf86vm allowed X servers
to cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the
XF86VidModeGetGammaRamp function.
* CVE-2013-2003: Integer overflow in X.org libXcursor allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the _XcursorFileHeaderCreate
function.
* CVE-2013-2063: Integer overflow in X.org libXtst allowed X servers
to trigger allocation of insufficient memory and a buffer overflow
via vectors related to the XRecordGetContext function.
* CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters
function in bitmap/bdfread.c in X.Org libXfont allowed remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string in a character name in a BDF font
file.
* CVE-2014-0209: Multiple integer overflows in the (1)
FontFileAddEntry and (2) lexAlias functions in X.Org libXfont might
have allowed local users to gain privileges by adding a directory
with a large fonts.dir
or fonts.alias file to the font path, which triggers a heap-based
buffer overflow, related to metadata.
* CVE-2014-0210: Multiple buffer overflows in X.Org libXfont allowed
remote font servers to execute arbitrary code via a crafted xfs
protocol reply to the (1) _fs_recv_conn_setup, (2)
fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,
(5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info
function.
* CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply,
(2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
libXfont allowed remote font servers to execute arbitrary code via a
crafted xfs reply, which triggers a buffer overflow.
Additionally, one non-security issue has been fixed:
* XListDev: String size is unsigned char: Make char pointer to the
device name & device name len unsigned otherwise we will segfault on
device names > 128 characters.
Security Issues references:
* CVE-2013-1984
* CVE-2013-1985
* CVE-2013-1986
* CVE-2013-1988
* CVE-2013-1990
* CVE-2013-1991
* CVE-2013-1992
* CVE-2013-1995
* CVE-2013-1996
* CVE-2013-1998
* CVE-2013-1999
* CVE-2013-2000
* CVE-2013-2001
* CVE-2013-2003
* CVE-2013-2063
* CVE-2013-6462
* CVE-2014-0209
* CVE-2014-0210
* CVE-2014-0211
| Announcement ID: | SUSE-SU-2014:0881-1 |
| Rating: | moderate |
| References: | #815451 #821663 #854915 #857544 |
| Affected Products: |
An update that fixes 19 vulnerabilities is now available.
Description:
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
xorg-x11-libs, fixing security issues and some bugs.
These issues require connection to a malicious X server to trigger the
bugs in client libraries.
Security issues fixed:
* CVE-2013-1984: Multiple integer overflows in X.org libXi allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XGetDeviceControl, (2)
XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4)
XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7)
XGetDeviceProperties, and (8) XListInputDevices functions.
* CVE-2013-1985: Integer overflow in X.org libXinerama allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the XineramaQueryScreens function.
* CVE-2013-1986: Multiple integer overflows in X.org libXrandr allowed
X servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XRRQueryOutputProperty and
(2) XRRQueryProviderProperty functions.
* CVE-2013-1988: Multiple integer overflows in X.org libXRes allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XResQueryClients and (2)
XResQueryClientResources functions.
* CVE-2013-1990: Multiple integer overflows in X.org libXvMC allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XvMCListSurfaceTypes and (2)
XvMCListSubpictureTypes functions.
* CVE-2013-1991: Multiple integer overflows in X.org libXxf86dga
allowed X servers to trigger allocation of insufficient memory and a
buffer overflow via vectors related to the (1) XDGAQueryModes and
(2) XDGASetMode functions.
* CVE-2013-1992: Multiple integer overflows in X.org libdmx allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) DMXGetScreenAttributes, (2)
DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
* CVE-2013-1995: X.org libXi allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the XListInputDevices function.
* CVE-2013-1996: X.org libFS allowed X servers to trigger allocation
of insufficient memory and a buffer overflow via vectors related to
an unexpected sign extension in the FSOpenServer function.
* CVE-2013-1998: Multiple buffer overflows in X.org libXi allowed X
servers to cause a denial of service (crash) and possibly execute
arbitrary code via crafted length or index values to the (1)
XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3)
XQueryDeviceState functions.
* CVE-2013-1999: Buffer overflow in X.org libXvMC allowed X servers to
cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the XvMCGetDRInfo
function.
* CVE-2013-2000: Multiple buffer overflows in X.org libXxf86dga
allowed X servers to cause a denial of service (crash) and possibly
execute arbitrary code via crafted length or index values to the (1)
XDGAQueryModes and (2) XDGASetMode functions.
* CVE-2013-2001: Buffer overflow in X.org libXxf86vm allowed X servers
to cause a denial of service (crash) and possibly execute arbitrary
code via crafted length or index values to the
XF86VidModeGetGammaRamp function.
* CVE-2013-2003: Integer overflow in X.org libXcursor allowed X
servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the _XcursorFileHeaderCreate
function.
* CVE-2013-2063: Integer overflow in X.org libXtst allowed X servers
to trigger allocation of insufficient memory and a buffer overflow
via vectors related to the XRecordGetContext function.
* CVE-2013-6462: Stack-based buffer overflow in the bdfReadCharacters
function in bitmap/bdfread.c in X.Org libXfont allowed remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string in a character name in a BDF font
file.
* CVE-2014-0209: Multiple integer overflows in the (1)
FontFileAddEntry and (2) lexAlias functions in X.Org libXfont might
have allowed local users to gain privileges by adding a directory
with a large fonts.dir
or fonts.alias file to the font path, which triggers a heap-based
buffer overflow, related to metadata.
* CVE-2014-0210: Multiple buffer overflows in X.Org libXfont allowed
remote font servers to execute arbitrary code via a crafted xfs
protocol reply to the (1) _fs_recv_conn_setup, (2)
fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,
(5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info
function.
* CVE-2014-0211: Multiple integer overflows in the (1) fs_get_reply,
(2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
libXfont allowed remote font servers to execute arbitrary code via a
crafted xfs reply, which triggers a buffer overflow.
Additionally, one non-security issue has been fixed:
* XListDev: String size is unsigned char: Make char pointer to the
device name & device name len unsigned otherwise we will segfault on
device names > 128 characters.
Security Issues references:
* CVE-2013-1984
* CVE-2013-1985
* CVE-2013-1986
* CVE-2013-1988
* CVE-2013-1990
* CVE-2013-1991
* CVE-2013-1992
* CVE-2013-1995
* CVE-2013-1996
* CVE-2013-1998
* CVE-2013-1999
* CVE-2013-2000
* CVE-2013-2001
* CVE-2013-2003
* CVE-2013-2063
* CVE-2013-6462
* CVE-2014-0209
* CVE-2014-0210
* CVE-2014-0211
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-xorg-x11-devel-9391
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
- xorg-x11-libs-7.4-8.26.42.4
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
- xorg-x11-libs-32bit-7.4-8.26.42.4
References:
- http://support.novell.com/security/cve/CVE-2013-1984.html
- http://support.novell.com/security/cve/CVE-2013-1985.html
- http://support.novell.com/security/cve/CVE-2013-1986.html
- http://support.novell.com/security/cve/CVE-2013-1988.html
- http://support.novell.com/security/cve/CVE-2013-1990.html
- http://support.novell.com/security/cve/CVE-2013-1991.html
- http://support.novell.com/security/cve/CVE-2013-1992.html
- http://support.novell.com/security/cve/CVE-2013-1995.html
- http://support.novell.com/security/cve/CVE-2013-1996.html
- http://support.novell.com/security/cve/CVE-2013-1998.html
- http://support.novell.com/security/cve/CVE-2013-1999.html
- http://support.novell.com/security/cve/CVE-2013-2000.html
- http://support.novell.com/security/cve/CVE-2013-2001.html
- http://support.novell.com/security/cve/CVE-2013-2003.html
- http://support.novell.com/security/cve/CVE-2013-2063.html
- http://support.novell.com/security/cve/CVE-2013-6462.html
- http://support.novell.com/security/cve/CVE-2014-0209.html
- http://support.novell.com/security/cve/CVE-2014-0210.html
- http://support.novell.com/security/cve/CVE-2014-0211.html
- https://bugzilla.novell.com/815451
- https://bugzilla.novell.com/821663
- https://bugzilla.novell.com/854915
- https://bugzilla.novell.com/857544
- http://download.suse.com/patch/finder/?keywords=f7b66bb8d10aeae2b91fccd0d169c8f3