oss-sec mailing list archives

Re: X.Org security advisory: Protocol handling issues in X Window System client libraries

From: cve-assign () mitre org
Date: Tue, 4 Oct 2016 12:45:44 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

libX11 - insufficient validation of data from the X server
       can cause out of boundary memory read (XGetImage())
       or write (XListFonts()).
       Affected versions libX11 <= 1.6.3

https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 Validation of server 
responses in XGetImage()


Use CVE-2016-7942.

https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9 The validation of 
server responses avoids out of boundary accesses.


Use CVE-2016-7943.

libXfixes - insufficient validation of data from the X server
      can cause an integer overflow on 32 bit architectures.
      Affected versions : libXfixes <= 5.0.2
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e Integer overflow 
on illegal server response


Use CVE-2016-7944.

libXi - insufficient validation of data from the X server
      can cause out of boundary memory access or
      endless loops (Denial of Service).
      Affected versions libXi <= 1.7.6
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5 Properly validate 
server responses.


Use CVE-2016-7945 for all of the integer overflows

Use CVE-2016-7946 for all of the other mishandling of the reply data.

libXrandr - insufficient validation of data from the X server
      can cause out of boundary memory writes.
      Affected versions: libXrandr <= 1.5.0
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6 Avoid out of 
boundary accesses on illegal responses


Use CVE-2016-7947 for all of the integer overflows

Use CVE-2016-7948 for all of the other mishandling of the reply data.

libXrender - insufficient validation of data from the X server
      can cause out of boundary memory writes.
      Affected version: libXrender <= 0.9.9

https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4 Validate lengths 
while parsing server data.


Use CVE-2016-7949.

https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714 Avoid OOB write 
in XRenderQueryFilters


Use CVE-2016-7950.

XRecord - insufficient validation of data from the X server
        can cause out of boundary memory access or
      endless loops (Denial of Service).
       Affected version libXtst <= 1.2.2
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Out of boundary 
access and endless loop in libXtst


Use CVE-2016-7951 for all of the integer overflows

Use CVE-2016-7952 for all of the other mishandling of the reply data.

libXv - insufficient validation of data from the X server
        can cause out of boundary memory and memory corruption.
      CVE-2016-5407
      affected versions libXv <= 1.0.10
https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 Protocol handling 
issues in libXv


(aka 87b3c94)

People may want to look at https://access.redhat.com/security/cve/cve-2016-5407
in the coming days for additional information.

libXvMC - insufficient validation of data from the X server
      can cause a one byte buffer read underrun.
      Affected versions: libXvMC <= 1.0.9
https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Avoid buffer 
underflow on empty strings.


Use CVE-2016-7953.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX89wWAAoJEHb/MwWLVhi2B1oQAIpH3CzWwMQ3IAuGhWgV5YvZ
LSmNkx+lXjT2yFHpkOxie4JgX0udC/KbK+SnTKZNS3pP3Bkq0A6M1nw3o1bOFyeL
qTAIncyXiyWEIhWsU/1VXExdlWY3ZakxEZiKxkHZqAgr96+p0+3w8I1URpDmE4Dz
G552K/E3OOrxFBgd5tj724HXYkyrXaWbpxAvYGMt971OHplv5fVKCZnakDL11DVR
4yFGJmFTVsN28X2qgOJif5K6m8BlP3X6y3349FygbfdwWrEUVGWI+X5izL5G11Bf
vxJ24ibfi3f9f5ktT2m561k4ftR/nMIyFJiRv+3L2MGIsPFIgjvp5SyHsvEZKh4Y
GTLGggTQJ1dMrKEdrTGXizyewRVga07+8h9XtPgPpHoqNk3hjnkC0LHiA7lHh+HR
YCyID6lAR1BGnfvEW5tkf9dQszk0Xoi+rbF/x5fDxOhCYA/8ywJmd3O6QUefLaHG
1BLJCoH/+7FUg9MMKKGDBrova0m1mwcDHncbSNz0aA7Scti06WX1xLZP3w2VT079
eD1Q7JQ8A8xeEVqCrRLyI0B+Y3RcSIoZUMLjwVjN+9ao29JmAykAH6kyoT0zfB+u
F8tVW0BRQudxuhTEtLPnK2EfBb+gG5asMPLSNZixYDe+hHh5jM1VMzv6GE90mlqA
mQ0YAv9uozEzoV/R5ADg
=Lv54
-----END PGP SIGNATURE-----

Current thread:

X.Org security advisory: Protocol handling issues in X Window System client libraries Matthieu Herrb (Oct 04)
- Re: X.Org security advisory: Protocol handling issues in X Window System client libraries Marcus Meissner (Oct 04)
  - Re: X.Org security advisory: Protocol handling issues in X Window System client libraries cve-assign (Oct 04)