Overview

File _patchinfo of Package patchinfo.8392

<patchinfo incident="8392">
  <issue tracker="bnc" id="1102073">VUL-0: EMBARGOED: CVE-2018-14598: libX11,xorg-x11-libX11, xorg-x11: crash on invalid reply in XListExtensions</issue>
  <issue tracker="bnc" id="1102068">VUL-0: EMBARGOED: CVE-2018-14600: libX11,xorg-x11-libX11, xorg-x11: out of boundary write in XListExtensions</issue>
  <issue tracker="bnc" id="1102062">VUL-0: EMBARGOED: CVE-2018-14599: libX11,xorg-x11-libX11, xorg-x11: off-by-one write in XListExtensions</issue>
  <issue tracker="cve" id="2018-14600"/>
  <issue tracker="cve" id="2018-14599"/>
  <issue tracker="cve" id="2018-14598"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>sndirsch</packager>
  <description>This update for libX11 fixes the following security issues:

- CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one
  error caused by malicious server responses, leading to DoS or possibly
  unspecified other impact (bsc#1102062)
- CVE-2018-14600: The function XListExtensions interpreted a variable as signed
  instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes),
  leading to DoS or remote code execution (bsc#1102068)
- CVE-2018-14598: A malicious server could have sent a reply in which the first
  string overflows, causing a variable to be set to NULL that will be freed later
  on, leading to DoS (segmentation fault) (bsc#1102073)
</description>
  <summary>Security update for libX11</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places