Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  4 Oct 2016 12:45:44 -0400 (EDT)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: X.Org security advisory: Protocol handling issues in X Window System client libraries

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> libX11 - insufficient validation of data from the X server
>        can cause out of boundary memory read (XGetImage())
>        or write (XListFonts()).
>        Affected versions libX11 <= 1.6.3

> https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 Validation of server responses in XGetImage()

Use CVE-2016-7942.


> https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9 The validation of server responses avoids out of boundary accesses.

Use CVE-2016-7943.


> libXfixes - insufficient validation of data from the X server
>       can cause an integer overflow on 32 bit architectures.
>       Affected versions : libXfixes <= 5.0.2
> https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e Integer overflow on illegal server response

Use CVE-2016-7944.


> libXi - insufficient validation of data from the X server
>       can cause out of boundary memory access or
>       endless loops (Denial of Service).
>       Affected versions libXi <= 1.7.6
> https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5 Properly validate server responses.

Use CVE-2016-7945 for all of the integer overflows

Use CVE-2016-7946 for all of the other mishandling of the reply data.


> libXrandr - insufficient validation of data from the X server
>       can cause out of boundary memory writes.
>       Affected versions: libXrandr <= 1.5.0
> https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6 Avoid out of boundary accesses on illegal responses

Use CVE-2016-7947 for all of the integer overflows

Use CVE-2016-7948 for all of the other mishandling of the reply data.


> libXrender - insufficient validation of data from the X server
>       can cause out of boundary memory writes.
>       Affected version: libXrender <= 0.9.9

> https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4 Validate lengths while parsing server data.

Use CVE-2016-7949.


> https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714 Avoid OOB write in XRenderQueryFilters

Use CVE-2016-7950.


> XRecord - insufficient validation of data from the X server
>         can cause out of boundary memory access or
>       endless loops (Denial of Service).
>        Affected version libXtst <= 1.2.2
> https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Out of boundary access and endless loop in libXtst

Use CVE-2016-7951 for all of the integer overflows

Use CVE-2016-7952 for all of the other mishandling of the reply data.


> libXv - insufficient validation of data from the X server
>         can cause out of boundary memory and memory corruption.
>       CVE-2016-5407
>       affected versions libXv <= 1.0.10
> https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 Protocol handling issues in libXv

(aka 87b3c94)

People may want to look at https://access.redhat.com/security/cve/cve-2016-5407
in the coming days for additional information.


> libXvMC - insufficient validation of data from the X server
>       can cause a one byte buffer read underrun.
>       Affected versions: libXvMC <= 1.0.9
> https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Avoid buffer underflow on empty strings.

Use CVE-2016-7953.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX89wWAAoJEHb/MwWLVhi2B1oQAIpH3CzWwMQ3IAuGhWgV5YvZ
LSmNkx+lXjT2yFHpkOxie4JgX0udC/KbK+SnTKZNS3pP3Bkq0A6M1nw3o1bOFyeL
qTAIncyXiyWEIhWsU/1VXExdlWY3ZakxEZiKxkHZqAgr96+p0+3w8I1URpDmE4Dz
G552K/E3OOrxFBgd5tj724HXYkyrXaWbpxAvYGMt971OHplv5fVKCZnakDL11DVR
4yFGJmFTVsN28X2qgOJif5K6m8BlP3X6y3349FygbfdwWrEUVGWI+X5izL5G11Bf
vxJ24ibfi3f9f5ktT2m561k4ftR/nMIyFJiRv+3L2MGIsPFIgjvp5SyHsvEZKh4Y
GTLGggTQJ1dMrKEdrTGXizyewRVga07+8h9XtPgPpHoqNk3hjnkC0LHiA7lHh+HR
YCyID6lAR1BGnfvEW5tkf9dQszk0Xoi+rbF/x5fDxOhCYA/8ywJmd3O6QUefLaHG
1BLJCoH/+7FUg9MMKKGDBrova0m1mwcDHncbSNz0aA7Scti06WX1xLZP3w2VT079
eD1Q7JQ8A8xeEVqCrRLyI0B+Y3RcSIoZUMLjwVjN+9ao29JmAykAH6kyoT0zfB+u
F8tVW0BRQudxuhTEtLPnK2EfBb+gG5asMPLSNZixYDe+hHh5jM1VMzv6GE90mlqA
mQ0YAv9uozEzoV/R5ADg
=Lv54
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.