SB2016110133 - Slackware Linux update for x11
Published: November 1, 2016 Updated: May 6, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-5407)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-7942)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
3) Out-of-bounds write (CVE-ID: CVE-2016-7943)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
4) Integer overflow (CVE-ID: CVE-2016-7944)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
5) Out-of-bounds read (CVE-ID: CVE-2016-7945)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
6) Improper access control (CVE-ID: CVE-2016-7946)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
7) Integer overflow (CVE-ID: CVE-2016-7947)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
8) Out-of-bounds write (CVE-ID: CVE-2016-7948)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
9) Input validation error (CVE-ID: CVE-2016-7949)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
10) Out-of-bounds write (CVE-ID: CVE-2016-7950)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
11) Out-of-bounds read (CVE-ID: CVE-2016-7951)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
12) Input validation error (CVE-ID: CVE-2016-7952)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
13) Buffer overflow (CVE-ID: CVE-2016-7953)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
Remediation
Install update from vendor's website.