Oval Definition:	oval:org.opensuse.security:def:55821
Revision Date: 2020-12-01 Version: 1 Title: Security update for X Window System client libraries (Moderate) Description: This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11: - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes: - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi: - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst: - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv: - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC: - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender: - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr: - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Family: unix Class: patch Status: Reference(s): 1002991 1002995 1002998 1003000 1003002 1003012 1003017 1003023 1034849 1056278 1056280 1056281 1056282 1112039 1118319 1118320 1160571 850148 872796 880984 924828 936923 940918 946880 947271 956159 957568 960506 961305 967190 968787 969727 973010 973164 975930 976340 980483 980854 CVE-2009-0159 CVE-2009-1252 CVE-2013-1741 CVE-2013-5211 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 CVE-2014-0595 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-2806 CVE-2015-3405 CVE-2015-4495 CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571 CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575 CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579 CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584 CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677 CVE-2015-6678 CVE-2015-6679 CVE-2015-6682 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-8313 CVE-2015-8605 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-1234 CVE-2016-3075 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3706 CVE-2016-4429 CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-18386 CVE-2018-9568 CVE-2019-5188 SUSE-SU-2015:1380-1 SUSE-SU-2015:1614-1 SUSE-SU-2016:0077-1 SUSE-SU-2016:0541-1 SUSE-SU-2016:1248-1 SUSE-SU-2016:1733-1 SUSE-SU-2016:2505-1 SUSE-SU-2017:1400-1 SUSE-SU-2017:2466-1 SUSE-SU-2018:4154-1 SUSE-SU-2020:0360-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information apache2-2.4.33-lp150.1 is installed OR apache2-doc-2.4.33-lp150.1 is installed OR apache2-example-pages-2.4.33-lp150.1 is installed OR apache2-prefork-2.4.33-lp150.1 is installed OR apache2-utils-2.4.33-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libecpg6-10.9-lp151.2.3 is installed OR libecpg6-32bit-10.9-lp151.2.3 is installed OR libpq5-10.9-lp151.2.3 is installed OR libpq5-32bit-10.9-lp151.2.3 is installed OR postgresql10-10.9-lp151.2.3 is installed OR postgresql10-contrib-10.9-lp151.2.3 is installed OR postgresql10-devel-10.9-lp151.2.3 is installed OR postgresql10-docs-10.9-lp151.2.3 is installed OR postgresql10-plperl-10.9-lp151.2.3 is installed OR postgresql10-plpython-10.9-lp151.2.3 is installed OR postgresql10-pltcl-10.9-lp151.2.3 is installed OR postgresql10-server-10.9-lp151.2.3 is installed OR postgresql10-test-10.9-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libfreebl3-3.15.3-0.3 is installed OR libfreebl3-32bit-3.15.3-0.3 is installed OR mozilla-nspr-4.10.2-0.3 is installed OR mozilla-nspr-32bit-4.10.2-0.3 is installed OR mozilla-nss-3.15.3-0.3 is installed OR mozilla-nss-32bit-3.15.3-0.3 is installed OR mozilla-nss-tools-3.15.3-0.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-31.8.0esr-0.13 is installed OR MozillaFirefox-translations-31.8.0esr-0.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information flash-player-11.2.202.521-0.17 is installed OR flash-player-gnome-11.2.202.521-0.17 is installed OR flash-player-kde4-11.2.202.521-0.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libX11-1.6.2-6 is installed OR libX11-6-1.6.2-6 is installed OR libX11-6-32bit-1.6.2-6 is installed OR libX11-data-1.6.2-6 is installed OR libX11-xcb1-1.6.2-6 is installed OR libX11-xcb1-32bit-1.6.2-6 is installed OR libXfixes-5.0.1-5 is installed OR libXfixes3-5.0.1-5 is installed OR libXfixes3-32bit-5.0.1-5 is installed OR libXi-1.7.4-12 is installed OR libXi6-1.7.4-12 is installed OR libXi6-32bit-1.7.4-12 is installed OR libXrandr-1.4.2-5 is installed OR libXrandr2-1.4.2-5 is installed OR libXrandr2-32bit-1.4.2-5 is installed OR libXrender-0.9.8-5 is installed OR libXrender1-0.9.8-5 is installed OR libXrender1-32bit-0.9.8-5 is installed OR libXtst-1.2.2-5 is installed OR libXtst6-1.2.2-5 is installed OR libXtst6-32bit-1.2.2-5 is installed OR libXv-1.0.10-5 is installed OR libXv1-1.0.10-5 is installed OR libXv1-32bit-1.0.10-5 is installed OR libXvMC-1.0.8-5 is installed OR libXvMC1-1.0.8-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information e2fsprogs-1.43.8-3.11 is installed OR libcom_err2-1.43.8-3.11 is installed OR libcom_err2-32bit-1.43.8-3.11 is installed OR libext2fs2-1.43.8-3.11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information ntp-4.2.8p4-1 is installed OR ntp-doc-4.2.8p4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_93-default-6-2 is installed OR kgraft-patch-3_12_74-60_64_93-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_28-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND chrony-2.3-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libecpg6-10.9-1.12 is installed OR libpq5-10.9-1.12 is installed OR libpq5-32bit-10.9-1.12 is installed OR postgresql10-10.9-1.12 is installed OR postgresql10-contrib-10.9-1.12 is installed OR postgresql10-docs-10.9-1.12 is installed OR postgresql10-libs-10.9-1.12 is installed OR postgresql10-plperl-10.9-1.12 is installed OR postgresql10-plpython-10.9-1.12 is installed OR postgresql10-pltcl-10.9-1.12 is installed OR postgresql10-server-10.9-1.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_120-default-3-2 is installed OR kgraft-patch-SLE12-SP2_Update_32-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information xen-4.7.6_04-43.39 is installed OR xen-doc-html-4.7.6_04-43.39 is installed OR xen-libs-4.7.6_04-43.39 is installed OR xen-libs-32bit-4.7.6_04-43.39 is installed OR xen-tools-4.7.6_04-43.39 is installed OR xen-tools-domU-4.7.6_04-43.39 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information fontconfig-2.11.1-7 is installed OR fontconfig-32bit-2.11.1-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information gstreamer-plugins-base-1.8.3-12 is installed OR gstreamer-plugins-base-lang-1.8.3-12 is installed OR libgstallocators-1_0-0-1.8.3-12 is installed OR libgstapp-1_0-0-1.8.3-12 is installed OR libgstapp-1_0-0-32bit-1.8.3-12 is installed OR libgstaudio-1_0-0-1.8.3-12 is installed OR libgstaudio-1_0-0-32bit-1.8.3-12 is installed OR libgstfft-1_0-0-1.8.3-12 is installed OR libgstpbutils-1_0-0-1.8.3-12 is installed OR libgstpbutils-1_0-0-32bit-1.8.3-12 is installed OR libgstriff-1_0-0-1.8.3-12 is installed OR libgstrtp-1_0-0-1.8.3-12 is installed OR libgstrtsp-1_0-0-1.8.3-12 is installed OR libgstsdp-1_0-0-1.8.3-12 is installed OR libgsttag-1_0-0-1.8.3-12 is installed OR libgsttag-1_0-0-32bit-1.8.3-12 is installed OR libgstvideo-1_0-0-1.8.3-12 is installed OR libgstvideo-1_0-0-32bit-1.8.3-12 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information xen-4.5.5_16-22.28 is installed OR xen-doc-html-4.5.5_16-22.28 is installed OR xen-kmp-default-4.5.5_16_k3.12.74_60.64.57-22.28 is installed OR xen-libs-4.5.5_16-22.28 is installed OR xen-libs-32bit-4.5.5_16-22.28 is installed OR xen-tools-4.5.5_16-22.28 is installed OR xen-tools-domU-4.5.5_16-22.28 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information ghostscript-9.26-23.16 is installed OR ghostscript-x11-9.26-23.16 is installed OR libspectre-0.2.7-12.4 is installed OR libspectre1-0.2.7-12.4 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-Werkzeug-0.12.2-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kernel-default-4.4.180-94.113 is installed OR kernel-default-base-4.4.180-94.113 is installed OR kernel-default-devel-4.4.180-94.113 is installed OR kernel-default-kgraft-4.4.180-94.113 is installed OR kernel-devel-4.4.180-94.113 is installed OR kernel-macros-4.4.180-94.113 is installed OR kernel-source-4.4.180-94.113 is installed OR kernel-syms-4.4.180-94.113 is installed OR kgraft-patch-4_4_180-94_113-default-1-4.5 is installed OR kgraft-patch-SLE12-SP3_Update_30-1-4.5 is installed
BACK