Security update for X Window System client libraries

SUSE Security Update: Security update for X Window System client libraries
Announcement ID: SUSE-SU-2016:2828-1
Rating: moderate
References: #1002991 #1002995 #1002998 #1003000 #1003002 #1003012 #1003017 #1003023
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12-SP2
  • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Server 12-SP2
  • SUSE Linux Enterprise Desktop 12-SP2

An update that fixes 12 vulnerabilities is now available.

    Description:


    This update for the X Window System client libraries fixes a class of
    privilege escalation issues.

    A malicious X server could send specially crafted data to X clients,
    triggering crashes, or enabling privilege escalation where the
    client-server relationship is untrusted or crosses user or permission
    level boundaries.

    libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC
    were fixed, specifically:

    libX11:
    - CVE-2016-7942: insufficient validation of data from the X server allowed
    out of boundary memory read (bsc#1002991)

    libXfixes:
    - CVE-2016-7944: insufficient validation of data from the X server can
    cause an integer overflow on 32 bit architectures (bsc#1002995)

    libXi:
    - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X
    server can cause out of boundary memory access or endless loops (Denial
    of Service) (bsc#1002998)

    libXtst:
    - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X
    server can cause out of boundary memory access or endless loops (Denial
    of Service) (bsc#1003012)

    libXv:
    - CVE-2016-5407: insufficient validation of data from the X server can
    cause out of boundary memory access and memory corruption (bsc#1003017)

    libXvMC:
    - CVE-2016-7953: insufficient validation of data from the X server can
    cause a one byte buffer read underrun (bsc#1003023)

    libXrender:
    - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X
    server can cause out of boundary memory writes (bsc#1003002)

    libXrandr:
    - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X
    server can cause out of boundary memory writes (bsc#1003000)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1668=1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1668=1
    • SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1668=1
    • SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1668=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      • libX11-debugsource-1.6.2-8.1
      • libX11-devel-1.6.2-8.1
      • libXfixes-debugsource-5.0.1-7.1
      • libXfixes-devel-5.0.1-7.1
      • libXi-debugsource-1.7.4-14.1
      • libXi-devel-1.7.4-14.1
      • libXrender-debugsource-0.9.8-7.1
      • libXrender-devel-0.9.8-7.1
      • libXtst-debugsource-1.2.2-7.1
      • libXtst-devel-1.2.2-7.1
      • libXv-debugsource-1.0.10-7.1
      • libXv-devel-1.0.10-7.1
      • libXvMC-debugsource-1.0.8-7.1
      • libXvMC-devel-1.0.8-7.1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      • libX11-6-1.6.2-8.1
      • libX11-6-debuginfo-1.6.2-8.1
      • libX11-debugsource-1.6.2-8.1
      • libX11-xcb1-1.6.2-8.1
      • libX11-xcb1-debuginfo-1.6.2-8.1
      • libXfixes-debugsource-5.0.1-7.1
      • libXfixes3-5.0.1-7.1
      • libXfixes3-debuginfo-5.0.1-7.1
      • libXi-debugsource-1.7.4-14.1
      • libXi6-1.7.4-14.1
      • libXi6-debuginfo-1.7.4-14.1
      • libXrender-debugsource-0.9.8-7.1
      • libXrender1-0.9.8-7.1
      • libXrender1-debuginfo-0.9.8-7.1
      • libXtst-debugsource-1.2.2-7.1
      • libXtst6-1.2.2-7.1
      • libXtst6-debuginfo-1.2.2-7.1
      • libXv-debugsource-1.0.10-7.1
      • libXv1-1.0.10-7.1
      • libXv1-debuginfo-1.0.10-7.1
      • libXvMC-debugsource-1.0.8-7.1
      • libXvMC1-1.0.8-7.1
      • libXvMC1-debuginfo-1.0.8-7.1
    • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      • libX11-data-1.6.2-8.1
    • SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      • libX11-6-1.6.2-8.1
      • libX11-6-debuginfo-1.6.2-8.1
      • libX11-debugsource-1.6.2-8.1
      • libX11-xcb1-1.6.2-8.1
      • libX11-xcb1-debuginfo-1.6.2-8.1
      • libXfixes-debugsource-5.0.1-7.1
      • libXfixes3-5.0.1-7.1
      • libXfixes3-debuginfo-5.0.1-7.1
      • libXi-debugsource-1.7.4-14.1
      • libXi6-1.7.4-14.1
      • libXi6-debuginfo-1.7.4-14.1
      • libXrender-debugsource-0.9.8-7.1
      • libXrender1-0.9.8-7.1
      • libXrender1-debuginfo-0.9.8-7.1
      • libXtst-debugsource-1.2.2-7.1
      • libXtst6-1.2.2-7.1
      • libXtst6-debuginfo-1.2.2-7.1
      • libXv-debugsource-1.0.10-7.1
      • libXv1-1.0.10-7.1
      • libXv1-debuginfo-1.0.10-7.1
      • libXvMC-debugsource-1.0.8-7.1
      • libXvMC1-1.0.8-7.1
      • libXvMC1-debuginfo-1.0.8-7.1
    • SUSE Linux Enterprise Server 12-SP2 (noarch):
      • libX11-data-1.6.2-8.1
    • SUSE Linux Enterprise Server 12-SP2 (x86_64):
      • libX11-6-32bit-1.6.2-8.1
      • libX11-6-debuginfo-32bit-1.6.2-8.1
      • libX11-xcb1-32bit-1.6.2-8.1
      • libX11-xcb1-debuginfo-32bit-1.6.2-8.1
      • libXfixes3-32bit-5.0.1-7.1
      • libXfixes3-debuginfo-32bit-5.0.1-7.1
      • libXi6-32bit-1.7.4-14.1
      • libXi6-debuginfo-32bit-1.7.4-14.1
      • libXrender1-32bit-0.9.8-7.1
      • libXrender1-debuginfo-32bit-0.9.8-7.1
      • libXtst6-32bit-1.2.2-7.1
      • libXtst6-debuginfo-32bit-1.2.2-7.1
      • libXv1-32bit-1.0.10-7.1
      • libXv1-debuginfo-32bit-1.0.10-7.1
    • SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      • libX11-6-1.6.2-8.1
      • libX11-6-32bit-1.6.2-8.1
      • libX11-6-debuginfo-1.6.2-8.1
      • libX11-6-debuginfo-32bit-1.6.2-8.1
      • libX11-debugsource-1.6.2-8.1
      • libX11-xcb1-1.6.2-8.1
      • libX11-xcb1-32bit-1.6.2-8.1
      • libX11-xcb1-debuginfo-1.6.2-8.1
      • libX11-xcb1-debuginfo-32bit-1.6.2-8.1
      • libXfixes-debugsource-5.0.1-7.1
      • libXfixes3-32bit-5.0.1-7.1
      • libXfixes3-5.0.1-7.1
      • libXfixes3-debuginfo-32bit-5.0.1-7.1
      • libXfixes3-debuginfo-5.0.1-7.1
      • libXi-debugsource-1.7.4-14.1
      • libXi6-1.7.4-14.1
      • libXi6-32bit-1.7.4-14.1
      • libXi6-debuginfo-1.7.4-14.1
      • libXi6-debuginfo-32bit-1.7.4-14.1
      • libXrender-debugsource-0.9.8-7.1
      • libXrender1-0.9.8-7.1
      • libXrender1-32bit-0.9.8-7.1
      • libXrender1-debuginfo-0.9.8-7.1
      • libXrender1-debuginfo-32bit-0.9.8-7.1
      • libXtst-debugsource-1.2.2-7.1
      • libXtst6-1.2.2-7.1
      • libXtst6-32bit-1.2.2-7.1
      • libXtst6-debuginfo-1.2.2-7.1
      • libXtst6-debuginfo-32bit-1.2.2-7.1
      • libXv-debugsource-1.0.10-7.1
      • libXv1-1.0.10-7.1
      • libXv1-32bit-1.0.10-7.1
      • libXv1-debuginfo-1.0.10-7.1
      • libXv1-debuginfo-32bit-1.0.10-7.1
      • libXvMC-debugsource-1.0.8-7.1
      • libXvMC1-1.0.8-7.1
      • libXvMC1-debuginfo-1.0.8-7.1
    • SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      • libX11-data-1.6.2-8.1
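
To confirm that a host actually carries the fixed runtime libraries from the package list above, the following check compares an installed-package inventory against those versions. It is an added example, not part of the SUSE advisory: the function names `ver_lt` and `outdated_packages` and the sample inventory are constructed for illustration, and GNU `sort -V` is used as an approximation of rpm's version comparison.

```shell
#!/bin/sh
# Fixed version-release per runtime package, copied from the package list above.
FIXED="libX11-6 1.6.2-8.1
libX11-xcb1 1.6.2-8.1
libX11-data 1.6.2-8.1
libXfixes3 5.0.1-7.1
libXi6 1.7.4-14.1
libXrender1 0.9.8-7.1
libXtst6 1.2.2-7.1
libXv1 1.0.10-7.1
libXvMC1 1.0.8-7.1"

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU sort -V stands in for rpm's own comparison (fine for numeric versions).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin and prints
# every listed library that is still below the fixed version.
outdated_packages() {
    while read -r name ver; do
        base=${name%-32bit}   # 32bit variants share the version of the base package
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$base" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue   # package not covered by this advisory
        if ver_lt "$ver" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$ver" "$fixed"
        fi
    done
}

# Constructed sample inventory (not taken from a real system).
SAMPLE="libX11-6 1.6.2-4.12
libX11-6-32bit 1.6.2-4.12
libXi6 1.7.4-14.1
libXv1 1.0.10-7.1
libXrender1 0.9.8-5.2
bash 4.3-82.1"

# On a real host, feed the rpm database instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
printf '%s\n' "$SAMPLE" | outdated_packages
```

Empty output means every covered runtime library is at or above the fixed version; the debuginfo, debugsource and devel packages are not checked.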
