Security update for X Window System client libraries SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3034-1 Final 1 1 2016-12-07T10:37:13Z current 2016-12-07T10:37:13Z 2016-12-07T10:37:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for X Window System client libraries This update for X Window System client libraries fixes a class of privilege escalation issues. A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. The following libraries have been fixed: libX11: - plugged a memory leak (boo#1002991, CVE-2016-7942). - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()) (boo#1002991, CVE-2016-7942). libXi: - Integer overflows in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7945). - Insufficient validation of data in libXi can cause out of boundary memory access or endless loops (Denial of Service) (boo#1002998, CVE-2016-7946). libXrandr: - Insufficient validation of data from the X server can cause out of boundary memory writes (boo#1003000, CVE-2016-7947, CVE-2016-7948). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html E-Mail link for openSUSE-SU-2016:3034-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 libX11-1.6.3-9.1 libX11-6-1.6.3-9.1 libX11-6-32bit-1.6.3-9.1 libX11-data-1.6.3-9.1 libX11-devel-1.6.3-9.1 libX11-devel-32bit-1.6.3-9.1 libX11-xcb1-1.6.3-9.1 libX11-xcb1-32bit-1.6.3-9.1 libXi-1.7.5-6.1 libXi-devel-1.7.5-6.1 libXi-devel-32bit-1.7.5-6.1 libXi6-1.7.5-6.1 libXi6-32bit-1.7.5-6.1 libXrandr-1.5.0-5.1 libXrandr-devel-1.5.0-5.1 libXrandr-devel-32bit-1.5.0-5.1 libXrandr2-1.5.0-5.1 libXrandr2-32bit-1.5.0-5.1 libX11-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-6-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-6-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-data-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-devel-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-devel-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-xcb1-1.6.3-9.1 as a component of openSUSE Leap 42.1 libX11-xcb1-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.1 libXi-1.7.5-6.1 as a component of openSUSE Leap 42.1 libXi-devel-1.7.5-6.1 as a component of openSUSE Leap 42.1 libXi-devel-32bit-1.7.5-6.1 as a component of openSUSE Leap 42.1 libXi6-1.7.5-6.1 as a component of openSUSE Leap 42.1 libXi6-32bit-1.7.5-6.1 as a component of openSUSE Leap 42.1 libXrandr-1.5.0-5.1 as a component of openSUSE Leap 42.1 libXrandr-devel-1.5.0-5.1 as a component of openSUSE Leap 42.1 libXrandr-devel-32bit-1.5.0-5.1 as a component of openSUSE Leap 42.1 libXrandr2-1.5.0-5.1 as a component of openSUSE Leap 42.1 libXrandr2-32bit-1.5.0-5.1 as a component of openSUSE Leap 42.1 libX11-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-6-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-6-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-data-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-devel-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-devel-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-xcb1-1.6.3-9.1 as a component of openSUSE Leap 42.2 libX11-xcb1-32bit-1.6.3-9.1 as a component of openSUSE Leap 42.2 libXi-1.7.5-6.1 as a component of openSUSE Leap 42.2 libXi-devel-1.7.5-6.1 as a component of openSUSE Leap 42.2 libXi-devel-32bit-1.7.5-6.1 as a component of openSUSE Leap 42.2 libXi6-1.7.5-6.1 as a component of openSUSE Leap 42.2 libXi6-32bit-1.7.5-6.1 as a component of openSUSE Leap 42.2 libXrandr-1.5.0-5.1 as a component of openSUSE Leap 42.2 libXrandr-devel-1.5.0-5.1 as a component of openSUSE Leap 42.2 libXrandr-devel-32bit-1.5.0-5.1 as a component of openSUSE Leap 42.2 libXrandr2-1.5.0-5.1 as a component of openSUSE Leap 42.2 libXrandr2-32bit-1.5.0-5.1 as a component of openSUSE Leap 42.2 The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. CVE-2016-7942 openSUSE Leap 42.1:libX11-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-data-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.1:libXi-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXi6-1.7.5-6.1 openSUSE Leap 42.1:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXrandr-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-32bit-1.5.0-5.1 openSUSE Leap 42.2:libX11-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-data-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.2:libXi-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXi6-1.7.5-6.1 openSUSE Leap 42.2:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXrandr-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-32bit-1.5.0-5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html https://www.suse.com/security/cve/CVE-2016-7942.html CVE-2016-7942 https://bugzilla.suse.com/1002991 SUSE Bug 1002991 https://bugzilla.suse.com/1174752 SUSE Bug 1174752 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. CVE-2016-7945 openSUSE Leap 42.1:libX11-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-data-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.1:libXi-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXi6-1.7.5-6.1 openSUSE Leap 42.1:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXrandr-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-32bit-1.5.0-5.1 openSUSE Leap 42.2:libX11-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-data-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.2:libXi-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXi6-1.7.5-6.1 openSUSE Leap 42.2:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXrandr-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-32bit-1.5.0-5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html https://www.suse.com/security/cve/CVE-2016-7945.html CVE-2016-7945 https://bugzilla.suse.com/1002998 SUSE Bug 1002998 https://bugzilla.suse.com/1134167 SUSE Bug 1134167 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. CVE-2016-7946 openSUSE Leap 42.1:libX11-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-data-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.1:libXi-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXi6-1.7.5-6.1 openSUSE Leap 42.1:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXrandr-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-32bit-1.5.0-5.1 openSUSE Leap 42.2:libX11-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-data-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.2:libXi-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXi6-1.7.5-6.1 openSUSE Leap 42.2:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXrandr-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-32bit-1.5.0-5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html https://www.suse.com/security/cve/CVE-2016-7946.html CVE-2016-7946 https://bugzilla.suse.com/1002998 SUSE Bug 1002998 https://bugzilla.suse.com/1134167 SUSE Bug 1134167 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. CVE-2016-7947 openSUSE Leap 42.1:libX11-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-data-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.1:libXi-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXi6-1.7.5-6.1 openSUSE Leap 42.1:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXrandr-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-32bit-1.5.0-5.1 openSUSE Leap 42.2:libX11-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-data-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.2:libXi-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXi6-1.7.5-6.1 openSUSE Leap 42.2:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXrandr-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-32bit-1.5.0-5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html https://www.suse.com/security/cve/CVE-2016-7947.html CVE-2016-7947 https://bugzilla.suse.com/1003000 SUSE Bug 1003000 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. CVE-2016-7948 openSUSE Leap 42.1:libX11-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-1.6.3-9.1 openSUSE Leap 42.1:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-data-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-1.6.3-9.1 openSUSE Leap 42.1:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.1:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.1:libXi-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-1.7.5-6.1 openSUSE Leap 42.1:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXi6-1.7.5-6.1 openSUSE Leap 42.1:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.1:libXrandr-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.1:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-1.5.0-5.1 openSUSE Leap 42.1:libXrandr2-32bit-1.5.0-5.1 openSUSE Leap 42.2:libX11-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-1.6.3-9.1 openSUSE Leap 42.2:libX11-6-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-data-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-1.6.3-9.1 openSUSE Leap 42.2:libX11-devel-32bit-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-1.6.3-9.1 openSUSE Leap 42.2:libX11-xcb1-32bit-1.6.3-9.1 openSUSE Leap 42.2:libXi-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-1.7.5-6.1 openSUSE Leap 42.2:libXi-devel-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXi6-1.7.5-6.1 openSUSE Leap 42.2:libXi6-32bit-1.7.5-6.1 openSUSE Leap 42.2:libXrandr-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-1.5.0-5.1 openSUSE Leap 42.2:libXrandr-devel-32bit-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-1.5.0-5.1 openSUSE Leap 42.2:libXrandr2-32bit-1.5.0-5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-12/msg00048.html https://www.suse.com/security/cve/CVE-2016-7948.html CVE-2016-7948 https://bugzilla.suse.com/1003000 SUSE Bug 1003000 https://bugzilla.suse.com/1159415 SUSE Bug 1159415