Overview Repositories Revisions Requests Users Attributes Meta
Security update for X Window System client libraries

This update for X Window System client libraries fixes a class of privilege
escalation issues.

A malicious X server could send specially crafted data to X clients, which
allowed for triggering crashes, or privilege escalation if this relationship
was untrusted or crossed user or permission level boundaries.

The following libraries have been fixed:

libX11:

- plugged a memory leak (boo#1002991, CVE-2016-7942).
- insufficient validation of data from the X server can cause
out of boundary memory read (XGetImage()) or write (XListFonts())
(boo#1002991, CVE-2016-7942).

libXi:

- Integer overflows in libXi can cause out of boundary memory access or
endless loops (Denial of Service) (boo#1002998, CVE-2016-7945).
- Insufficient validation of data in libXi can cause out of boundary memory
access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946).

libXrandr:

- Insufficient validation of data from the X server can cause out
of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).

Fixed bugs
bnc#1002991
VUL-0: CVE-2016-7942, CVE-2016-7943: xorg-x11-libX11,libX11: insufficient validation of data from the X server
bnc#1002998
VUL-0: CVE-2016-7945, CVE-2016-7946: libXi: Integer overflows causes mishandling of reply data from the X server
bnc#1003000
VUL-0: CVE-2016-7947, CVE-2016-7948: libXrandr: insufficient validation of data can cause out of boundary memory writes.
CVE-2016-7942
CVE-2016-7945
CVE-2016-7946
CVE-2016-7947
CVE-2016-7948
Selected Binaries
openSUSE Build Service is sponsored by
Places