Oval Definition:oval:org.mitre.oval:def:26759
Revision Date:2015-04-13Version:11
Title:RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)
Description:The X11 (Xorg) libraries provide library routines that are used within allX Window applications.Multiple integer overflow flaws, leading to heap-based buffer overflows,were found in the way various X11 client libraries handled certain protocoldata. An attacker able to submit invalid protocol data to an X11 server viaa malicious X11 client could use either of these flaws to potentiallyescalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982,CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003,CVE-2013-2062, CVE-2013-2064)Multiple array index errors, leading to heap-based buffer out-of-boundswrite flaws, were found in the way various X11 client libraries handleddata returned from an X11 server. A malicious X11 server could possibly usethis flaw to execute arbitrary code with the privileges of the user runningan X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000,CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)A buffer overflow flaw was found in the way the XListInputDevices()function of X.Org X11's libXi runtime library handled signed numbers.A malicious X11 server could possibly use this flaw to execute arbitrarycode with the privileges of the user running an X11 client. (CVE-2013-1995)A flaw was found in the way the X.Org X11 libXt runtime library useduninitialized pointers. A malicious X11 server could possibly use this flawto execute arbitrary code with the privileges of the user running an X11client. (CVE-2013-2005)Two stack-based buffer overflow flaws were found in the way libX11, theCore X11 protocol client library, processed certain user-specified files.A malicious X11 server could possibly use this flaw to crash an X11 clientvia a specially crafted file. (CVE-2013-2004)The xkeyboard-config package has been upgraded to upstream version 2.11,which provides a number of bug fixes and enhancements over the previousversion. (BZ#1077471)This update also fixes the following bugs:* Previously, updating the mesa-libGL package did not update the libX11package, although it was listed as a dependency of mesa-libGL. This bug hasbeen fixed and updating mesa-libGL now updates all dependent packages asexpected. (BZ#1054614)* Previously, closing a customer application could occasionally cause the XServer to terminate unexpectedly. After this update, the X Server no longerhangs when a user closes a customer application. (BZ#971626)All X11 client libraries users are advised to upgrade to these updatedpackages, which correct these issues and add these enhancements.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2014:1436-CentOS 6
CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1986
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
CVE-2013-1990
CVE-2013-1991
CVE-2013-1995
CVE-2013-1997
CVE-2013-1998
CVE-2013-1999
CVE-2013-2000
CVE-2013-2001
CVE-2013-2002
CVE-2013-2003
CVE-2013-2004
CVE-2013-2005
CVE-2013-2062
CVE-2013-2064
CVE-2013-2066
RHSA-2014:1436-01
Platform(s):CentOS Linux 6
Red Hat Enterprise Linux 6
Product(s):libdmx
libX11
libxcb
libXcursor
libXext
libXfixes
libXi
libXinerama
libXp
libXrandr
libXrender
libXres
libXt
libXtst
libXv
libXvMC
libXxf86dga
libXxf86vm
xcb-proto
xkeyboard-config
xorg-x11-proto-devel
xorg-x11-xtrans-devel
Definition Synopsis
  • Red Hat Enterprise Linux 6 and CentOS Linux 6 release section
  • Operation system section
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages match section
  • libX11 is earlier than 0:1.6.0-2.2.el6
  • OR libX11-common is earlier than 0:1.6.0-2.2.el6
  • OR libX11-devel is earlier than 0:1.6.0-2.2.el6
  • OR libXcursor is earlier than 0:1.1.14-2.1.el6
  • OR libXcursor-devel is earlier than 0:1.1.14-2.1.el6
  • OR libXext is earlier than 0:1.3.2-2.1.el6
  • OR libXext-devel is earlier than 0:1.3.2-2.1.el6
  • OR libXfixes is earlier than 0:5.0.1-2.1.el6
  • OR libXfixes-devel is earlier than 0:5.0.1-2.1.el6
  • OR libXi is earlier than 0:1.7.2-2.2.el6
  • OR libXi-devel is earlier than 0:1.7.2-2.2.el6
  • OR libXinerama is earlier than 0:1.1.3-2.1.el6
  • OR libXinerama-devel is earlier than 0:1.1.3-2.1.el6
  • OR libXp is earlier than 0:1.0.2-2.1.el6
  • OR libXp-devel is earlier than 0:1.0.2-2.1.el6
  • OR libXrandr is earlier than 0:1.4.1-2.1.el6
  • OR libXrandr-devel is earlier than 0:1.4.1-2.1.el6
  • OR libXrender is earlier than 0:0.9.8-2.1.el6
  • OR libXrender-devel is earlier than 0:0.9.8-2.1.el6
  • OR libXres is earlier than 0:1.0.7-2.1.el6
  • OR libXres-devel is earlier than 0:1.0.7-2.1.el6
  • OR libXt is earlier than 0:1.1.4-6.1.el6
  • OR libXt-devel is earlier than 0:1.1.4-6.1.el6
  • OR libXtst is earlier than 0:1.2.2-2.1.el6
  • OR libXtst-devel is earlier than 0:1.2.2-2.1.el6
  • OR libXv is earlier than 0:1.0.9-2.1.el6
  • OR libXv-devel is earlier than 0:1.0.9-2.1.el6
  • OR libXvMC is earlier than 0:1.0.8-2.1.el6
  • OR libXvMC-devel is earlier than 0:1.0.8-2.1.el6
  • OR libXxf86dga is earlier than 0:1.1.4-2.1.el6
  • OR libXxf86dga-devel is earlier than 0:1.1.4-2.1.el6
  • OR libXxf86vm is earlier than 0:1.1.3-2.1.el6
  • OR libXxf86vm-devel is earlier than 0:1.1.3-2.1.el6
  • OR libdmx is earlier than 0:1.1.3-3.el6
  • OR libdmx-devel is earlier than 0:1.1.3-3.el6
  • OR libxcb is earlier than 0:1.9.1-2.el6
  • OR libxcb-devel is earlier than 0:1.9.1-2.el6
  • OR libxcb-doc is earlier than 0:1.9.1-2.el6
  • OR libxcb-python is earlier than 0:1.9.1-2.el6
  • OR xcb-proto is earlier than 0:1.8-3.el6
  • OR xkeyboard-config is earlier than 0:2.11-1.el6
  • OR xkeyboard-config-devel is earlier than 0:2.11-1.el6
  • OR xorg-x11-proto-devel is earlier than 0:7.7-9.el6
  • OR xorg-x11-xtrans-devel is earlier than 0:1.3.4-1.el6
  • Red Hat Enterprise Linux 6 release section
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • AND Packages match section
  • libX11-debuginfo is earlier than 0:1.6.0-2.2.el6
  • OR libXcursor-debuginfo is earlier than 0:1.1.14-2.1.el6
  • OR libXext-debuginfo is earlier than 0:1.3.2-2.1.el6
  • OR libXfixes-debuginfo is earlier than 0:5.0.1-2.1.el6
  • OR libXi-debuginfo is earlier than 0:1.7.2-2.2.el6
  • OR libXinerama-debuginfo is earlier than 0:1.1.3-2.1.el6
  • OR libXp-debuginfo is earlier than 0:1.0.2-2.1.el6
  • OR libXrandr-debuginfo is earlier than 0:1.4.1-2.1.el6
  • OR libXrender-debuginfo is earlier than 0:0.9.8-2.1.el6
  • OR libXres-debuginfo is earlier than 0:1.0.7-2.1.el6
  • OR libXt-debuginfo is earlier than 0:1.1.4-6.1.el6
  • OR libXtst-debuginfo is earlier than 0:1.2.2-2.1.el6
  • OR libXv-debuginfo is earlier than 0:1.0.9-2.1.el6
  • OR libXvMC-debuginfo is earlier than 0:1.0.8-2.1.el6
  • OR libXxf86dga-debuginfo is earlier than 0:1.1.4-2.1.el6
  • OR libXxf86vm-debuginfo is earlier than 0:1.1.3-2.1.el6
  • OR libdmx-debuginfo is earlier than 0:1.1.3-3.el6
  • OR libxcb-debuginfo is earlier than 0:1.9.1-2.el6
    • BACK