SB2013052702 - Input validation error in libxtst (Alpine package)
Published: May 27, 2013
Security Bulletin ID
SB2013052702
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2063)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=93759380147080d8b32e154fab35efc2ed72f517
- https://git.alpinelinux.org/aports/commit/?id=1a986b6d1c449347db886c40abc2c7e2d8d2538b
- https://git.alpinelinux.org/aports/commit/?id=2f5911458fe8d62dab1d3f01e2140015ee63829a
- https://git.alpinelinux.org/aports/commit/?id=ca33affea49de655ea0a1aa27accea11f84df7c1