SB2017041014 - Gentoo update for X.Org
Published: April 10, 2017 Updated: April 11, 2017
Description
This security bulletin contains information about 14 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-5407)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-7942)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
3) Out-of-bounds write (CVE-ID: CVE-2016-7943)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
4) Integer overflow (CVE-ID: CVE-2016-7944)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
5) Out-of-bounds read (CVE-ID: CVE-2016-7945)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
6) Improper access control (CVE-ID: CVE-2016-7946)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
7) Integer overflow (CVE-ID: CVE-2016-7947)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
8) Out-of-bounds write (CVE-ID: CVE-2016-7948)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
9) Input validation error (CVE-ID: CVE-2016-7949)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
10) Out-of-bounds write (CVE-ID: CVE-2016-7950)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
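The length-field checks that this class of bug calls for, shown as an added example (not libXrender's code and not part of the bulletin). It assumes a simplified, constructed reply layout of 1-byte-length-prefixed names; parse_names and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copies `count` length-prefixed names from an untrusted reply into out[] as
 * NUL-terminated strings. Returns count, or -1 if any length field points
 * past the received data or past the output buffer. */
int parse_names(const unsigned char *in, size_t in_len, size_t count,
                char *out, size_t out_cap, char **names, size_t names_cap)
{
    size_t ip = 0, op = 0;
    if (count > names_cap)            /* server-supplied count vs. our table */
        return -1;
    for (size_t i = 0; i < count; i++) {
        if (ip >= in_len)             /* no byte left for the length prefix */
            return -1;
        size_t l = in[ip++];
        if (l > in_len - ip)          /* name would run past the reply */
            return -1;
        if (out_cap - op < l + 1)     /* name + NUL would overflow out[] */
            return -1;
        memcpy(out + op, in + ip, l);
        out[op + l] = '\0';
        names[i] = out + op;
        ip += l;
        op += l + 1;
    }
    return (int)count;
}

/* Constructed sample replies (assumed layout: length byte, then name bytes). */
static const unsigned char GOOD_REPLY[] = {
    7, 'n','e','a','r','e','s','t', 8, 'b','i','l','i','n','e','a','r'
};
static const unsigned char BAD_REPLY[] = {   /* second length claims 200 bytes */
    7, 'n','e','a','r','e','s','t', 200, 'b','i'
};

int main(void)
{
    char out[32], *names[4];
    printf("good: %d\n", parse_names(GOOD_REPLY, sizeof GOOD_REPLY, 2, out, sizeof out, names, 4));
    printf("bad:  %d\n", parse_names(BAD_REPLY, sizeof BAD_REPLY, 2, out, sizeof out, names, 4));
    return 0;
}
```

The comparisons are written as subtractions from the known buffer sizes so that a large length value cannot wrap the arithmetic before the check.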
11) Buffer overflow (CVE-ID: CVE-2016-7953)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
12) Information disclosure (CVE-ID: CVE-2017-2624)
The vulnerability allows a local authenticated user to execute arbitrary code.
It was found that xorg-x11-server before and including 1.19.0 uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, the client is allowed to attach to the Xorg session. Since most memcmp() implementations return as soon as an invalid byte is seen, this causes a time difference between a valid and an invalid byte, which could allow an efficient brute force attack.
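Why an early-exit comparison leaks and what a constant-time replacement looks like, as an added example (not the xorg-server code and not part of the bulletin). The function names and sample cookies are constructed for illustration; the 16-byte length is the size of an MIT-MAGIC-COOKIE-1 cookie.

```c
#include <stddef.h>
#include <stdio.h>

#define COOKIE_LEN 16   /* MIT-MAGIC-COOKIE-1 is 128 bits */

/* Models an early-exit compare like a typical memcmp(): returns how many bytes
 * were inspected. The count tracks the matching prefix, which is the leak. */
size_t early_exit_steps(const unsigned char *a, const unsigned char *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i])
            return i + 1;
    return len;
}

/* Constant-time equality: every byte is read and folded into one accumulator,
 * so the work done does not depend on where the inputs differ. */
int cookie_equal_ct(const unsigned char *a, const unsigned char *b, size_t len)
{
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Compare against every valid cookie without stopping at the first match,
 * so timing does not reveal which slot (if any) matched. */
int cookie_is_valid(const unsigned char *received, size_t received_len,
                    const unsigned char valid[][COOKIE_LEN], size_t n_valid)
{
    int ok = 0;
    if (received_len != COOKIE_LEN)   /* the length is not secret */
        return 0;
    for (size_t i = 0; i < n_valid; i++)
        ok |= cookie_equal_ct(received, valid[i], COOKIE_LEN);
    return ok;
}

/* Constructed sample data, not real cookies. */
static const unsigned char SAMPLE_VALID[2][COOKIE_LEN] = {
    {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f},
    {0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf}
};

int main(void)
{
    printf("accepted: %d\n", cookie_is_valid(SAMPLE_VALID[0], COOKIE_LEN, SAMPLE_VALID, 2));
    return 0;
}
```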
13) Key management errors (CVE-ID: CVE-2017-2625)
The vulnerability allows a local authenticated user to gain access to sensitive information.
It was discovered that libXdmcp before and including 1.1.2 used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
14) Insufficient Entropy (CVE-ID: CVE-2017-2626)
The vulnerability allows a local authenticated user to gain access to sensitive information.
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Remediation
Install update from vendor's website.