MGASA-2018-0011

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0011.html

Import Source

https://advisories.mageia.org/MGASA-2018-0011.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0011

Related

Published

2018-01-01T15:50:28Z

Modified

2018-01-01T15:21:48Z

Summary

Updated X11 client libraries packages fix security vulnerability

Details

The XvQueryAdaptors and XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data (CVE-2016-5407).

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations (CVE-2016-7942).

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations (CVE-2016-7943).

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync (CVE-2016-7944).

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields (CVE-2016-7945).

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields (CVE-2016-7946).

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response (CVE-2016-7947).

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data (CVE-2016-7948).

Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields (CVE-2016-7949).

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths (CVE-2016-7950).

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks (CVE-2016-7951).

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data (CVE-2016-7952).

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string (CVE-2016-7953).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libx11

Package

Name: libx11
Purl: pkg:rpm/mageia/libx11?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.5-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxv

Package

Name: libxv
Purl: pkg:rpm/mageia/libxv?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.11-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxrender

Package

Name: libxrender
Purl: pkg:rpm/mageia/libxrender?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.10-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxtst

Package

Name: libxtst
Purl: pkg:rpm/mageia/libxtst?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxi

Package

Name: libxi
Purl: pkg:rpm/mageia/libxi?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.7-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxrandr

Package

Name: libxrandr
Purl: pkg:rpm/mageia/libxrandr?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.2-4.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxfixes

Package

Name: libxfixes
Purl: pkg:rpm/mageia/libxfixes?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.3-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libxvmc

Package

Name: libxvmc
Purl: pkg:rpm/mageia/libxvmc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.10-1.mga5

Ecosystem specific

{
    "section": "core"
}