Security update for xorg-x11-libXt
SUSE Security Update: Security update for xorg-x11-libXt
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of
xorg-x11-libXt, fixing security issues.
These issues require connection to a malicious X server to trigger the
bugs in client libraries.
* CVE-2013-2002: Buffer overflow in X.org libXt allowed X servers to
  cause a denial of service (crash) and possibly execute arbitrary
  code via crafted length or index values to the
  _XtResourceConfigurationEH function.
* CVE-2013-2005: X.org libXt did not check the return value of the
  XGetWindowProperty function, which allowed X servers to trigger use
  of an uninitialized pointer and memory corruption via vectors
  related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut,
  (4) HandleNormal, and (5) HandleSelectionReplies functions.
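The two bug classes above, shown as the defensive pattern a client should follow. This is an added example, not libXt or SUSE code: fake_get_property is a constructed stand-in for a peer-controlled property fetch, and read_name with its parameters is hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define FAKE_SUCCESS 0   /* stand-in for a "success" status */
#define FAKE_FAILURE 1   /* any nonzero status means failure */

/* Constructed stand-in for a property fetch whose reply the peer controls.
 * On failure it leaves every out-parameter untouched, which is what makes
 * an unchecked caller read an uninitialized pointer. */
static int fake_get_property(int fail, const unsigned char *reply,
                             unsigned long reply_len, int *format_out,
                             unsigned long *nitems_out, const unsigned char **data_out)
{
    if (fail)
        return FAKE_FAILURE;
    *format_out = 8;
    *nitems_out = reply_len;
    *data_out = reply;
    return FAKE_SUCCESS;
}

/* Copies `len` bytes starting at peer-supplied offset `off` into dst as a
 * C string. Returns 0 on success, -1 if the fetch failed or the reply and
 * the requested range are inconsistent. */
int read_name(int fail, const unsigned char *reply, unsigned long reply_len,
              unsigned long off, unsigned long len, char *dst, size_t dst_size)
{
    int format = 0;
    unsigned long nitems = 0;
    const unsigned char *data = NULL;   /* never left uninitialized */

    if (fake_get_property(fail, reply, reply_len, &format, &nitems, &data) != FAKE_SUCCESS)
        return -1;                      /* return value checked before any use */
    if (data == NULL || format != 8)
        return -1;
    /* Index and length are validated against the reply and the destination;
     * the subtraction form cannot wrap around. */
    if (off > nitems || len > nitems - off || len >= dst_size)
        return -1;
    memcpy(dst, data + off, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[8];
    return read_name(1, (const unsigned char *)"x", 1, 0, 1, buf, sizeof buf) == -1 ? 0 : 1;
}
```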
Security Issues references:
* CVE-2013-2002
* CVE-2013-2005
Announcement ID: SUSE-SU-2014:0898-1
Rating: moderate
References: #815451 #821670
Affected Products:
An update that fixes two vulnerabilities is now available.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-xorg-x11-libXt-9390
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
  - xorg-x11-libXt-7.4-1.19.8
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
  - xorg-x11-libXt-32bit-7.4-1.19.8
References:
- http://support.novell.com/security/cve/CVE-2013-2002.html
- http://support.novell.com/security/cve/CVE-2013-2005.html
- https://bugzilla.novell.com/815451
- https://bugzilla.novell.com/821670
- http://download.suse.com/patch/finder/?keywords=827019064a88342eab5f5c1cd0d70a80