MGASA-2018-0377

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0377.html

Import Source

https://advisories.mageia.org/MGASA-2018-0377.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0377

Related

Published

2018-09-20T23:17:55Z

Modified

2018-09-20T22:55:32Z

Summary

Updated libx11 packages fix security vulnerabilities

Details

Updated libx11 packages fix security vulnerabilities:

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (CVE-2018-14598).

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (CVE-2018-14599).

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (CVE-2018-14600).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / libx11

Package

Name: libx11
Purl: pkg:rpm/mageia/libx11?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.5-1.1.mga6

Ecosystem specific

{
    "section": "core"
}