File _patchinfo of Package patchinfo.5949

<patchinfo incident="5949">
  <issue id="1002991" tracker="bnc">VUL-0: CVE-2016-7942, CVE-2016-7943: xorg-x11-libX11,libX11: insufficient validation of data from the X server</issue>
  <issue id="1002998" tracker="bnc">VUL-0: CVE-2016-7945, CVE-2016-7946: libXi: Integer overflows causes mishandling of reply data from the X server</issue>
  <issue id="1003000" tracker="bnc">VUL-0: CVE-2016-7947, CVE-2016-7948: libXrandr: insufficient validation of data  can cause out of boundary memory writes.</issue>
  <issue id="2016-7942" tracker="cve" />
  <issue id="2016-7945" tracker="cve" />
  <issue id="2016-7946" tracker="cve" />
  <issue id="2016-7947" tracker="cve" />
  <issue id="2016-7948" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>sndirsch</packager>
  <description>
This update for X Window System client libraries fixes a class of privilege
escalation issues.

A malicious X server could send specially crafted data to X clients,
triggering crashes or, where the client-server relationship is untrusted or
crosses user or permission-level boundaries, privilege escalation.

The following libraries have been fixed:

libX11:

- Plugged a memory leak (boo#1002991, CVE-2016-7942).
- Insufficient validation of data from the X server can cause
  out-of-bounds memory reads (XGetImage()) or writes (XListFonts())
  (boo#1002991, CVE-2016-7942).

libXi:

- Integer overflows in libXi can cause out-of-bounds memory access or
  endless loops (Denial of Service) (boo#1002998, CVE-2016-7945).
- Insufficient validation of data in libXi can cause out-of-bounds memory
  access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946).

libXrandr:

- Insufficient validation of data from the X server can cause
  out-of-bounds memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948).
</description>
<summary>Security update for X Window System client libraries</summary>
</patchinfo>