
CESA-2014:1436 -- centos 6 libXxf86vm

ID: oval:org.secpod.oval:def:204277
Date: (C)2017-03-10   (M)2023-07-28
Class: PATCH
Family: unix




The X11 libraries provide library routines that are used within all X Window applications.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system.

Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

A buffer overflow flaw was found in the way the XListInputDevices function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client.

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file.

The xkeyboard-config package has been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11 package, although it was listed as a dependency of mesa-libGL. This bug has been fixed and updating mesa-libGL now updates all dependent packages as expected.
* Previously, closing a customer application could occasionally cause the X Server to terminate unexpectedly. After this update, the X Server no longer hangs when a user closes a customer application.

All X11 client libraries users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Platform:
CentOS 6
Product:
libXxf86vm
Reference:
CESA-2014:1436
CVE-2013-2063
CVE-2013-1992
CVE-2013-1997
CVE-2013-1995
CVE-2013-1991
CVE-2013-1990
CVE-2013-1999
CVE-2013-1998
CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1986
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
CVE-2013-2004
CVE-2013-2005
CVE-2013-2000
CVE-2013-2001
CVE-2013-2002
CVE-2013-2003
CVE-2013-2066
CVE-2013-2064
CVE-2013-2062
CVE-2013-7439
CVE    27
CVE-2013-1983
CVE-2013-1982
CVE-2013-1985
CVE-2013-1984
...
CPE    8
cpe:/a:x:libxxf86vm:1.1.2
cpe:/a:x:libxxf86vm:1.0.1
cpe:/a:x:libxxf86vm:1.1.0
cpe:/a:x:libxxf86vm:1.0.2
...

© SecPod Technologies