This update for X Window System client libraries fixes a class of privilege
escalation issues.
A malicious X server could send specially crafted data to X clients,
triggering crashes, or privilege escalation if the client-server relationship
was untrusted or crossed user or permission-level boundaries.
The following libraries have been fixed:

libX11:
- Plugged a memory leak (boo#1002991, CVE-2016-7942).
- Insufficient validation of data from the X server can cause an
  out-of-bounds memory read (XGetImage()) or write (XListFonts())
  (boo#1002991, CVE-2016-7942).

libXi:
- Integer overflows in libXi can cause out-of-bounds memory access or
  endless loops (Denial of Service) (boo#1002998, CVE-2016-7945).
- Insufficient validation of data in libXi can cause out-of-bounds memory
  access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946).

libXrandr:
- Insufficient validation of data from the X server can cause
  out-of-bounds memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).

Submitted by Stefan Dirsch (sndirsch)
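
The following is an added example, not code from libX11, libXi or libXrandr, of the client-side checks this class of fix relies on: a count-times-size check that cannot wrap, and a walk over length-prefixed names that cannot read past the received data or loop without advancing. The reply layouts and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layouts for illustration, not the X11 wire format. */

/* Naive check: the 32-bit product wraps, so a huge count can look small. */
int naive_fit(uint32_t count, uint32_t elem_size, size_t received)
{
    uint32_t need = count * elem_size;
    return need <= received ? 0 : -1;
}

/* Hardened check: divide instead of multiply, and refuse zero-size records,
 * which would stop a loop that steps by elem_size from ever advancing. */
int records_fit(uint32_t count, uint32_t elem_size, size_t received)
{
    if (elem_size == 0)
        return count == 0 ? 0 : -1;
    return count > received / elem_size ? -1 : 0;
}

/* Walk `count` names, each a 1-byte length followed by that many bytes.
 * Returns bytes consumed, or -1 if a name would run past buf_len. */
long walk_names(const uint8_t *buf, size_t buf_len, uint32_t count)
{
    size_t off = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (off >= buf_len)
            return -1;                  /* no length byte left to read */
        size_t len = buf[off];
        if (len > buf_len - off - 1)
            return -1;                  /* name extends past the reply */
        off += 1 + len;                 /* always advances by >= 1 byte */
    }
    return (long)off;
}

int main(void)
{
    /* Constructed reply: "ab", then a name claiming 9 bytes with 1 present. */
    const uint8_t reply[] = { 2, 'a', 'b', 9, 'x' };
    printf("naive=%d hardened=%d\n", naive_fit(0x40000001u, 4, 16),
           records_fit(0x40000001u, 4, 16));
    printf("one name: %ld, two names: %ld\n",
           walk_names(reply, sizeof reply, 1), walk_names(reply, sizeof reply, 2));
    return 0;
}
```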