[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries

93374

1036945

https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5

FEDORA-2016-8b122b0997

FEDORA-2016-cabb6d7ef7

[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries

GLSA-201704-03

According to the versions of the libXi package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - X.org libXi before 1.7.7 allows remote X servers to     cause a denial of service (infinite loop) via vectors     involving length fields.(CVE-2016-7946)

  - Multiple integer overflows in X.org libXi before 1.7.7     allow remote X servers to cause a denial of service     (out-of-bounds memory access or infinite loop) via     vectors involving length fields.(CVE-2016-7945)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libXi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple integer overflows in X.org libXi before 1.7.7     allow remote X servers to cause a denial of service     (out-of-bounds memory access or infinite loop) via     vectors involving length fields.(CVE-2016-7945)

  - X.org libXi before 1.7.7 allows remote X servers to     cause a denial of service (infinite loop) via vectors     involving length fields.(CVE-2016-7946)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201704-03 (X.Org: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in X.Org server and       libraries. Please review the CVE identifiers referenced below for       details.
  Impact :

    A local or remote users can utilize the vulnerabilities to attach to the       X.Org session as a user and execute arbitrary code.
  Workaround :

    There is no known workaround at this time.

This update for xorg-x11-libs fixes the following issues :

  - insufficient validation of data from the X server can     cause a one byte buffer read underrun (bsc#1003023,     CVE-2016-7953)

  - insufficient validation of data from the X server can     cause out of boundary memory access or endless loops     (Denial of Service) (bsc#1003012, CVE-2016-7951,     CVE-2016-7952)

  - insufficient validation of data from the X server can     cause out of boundary memory writes (bsc#1003000,     CVE-2016-7947, CVE-2016-7948)

  - insufficient validation of data from the X server can     cause out of boundary memory access or endless loops     (Denial of Service). (bsc#1002998, CVE-2016-7945,     CVE-2016-7946)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for X Window System client libraries fixes a class of privilege escalation issues.

A malicious X server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries.

The following libraries have been fixed :

libX11 :

  - plugged a memory leak (boo#1002991, CVE-2016-7942).

  - insufficient validation of data from the X server can     cause out of boundary memory read (XGetImage()) or write     (XListFonts()) (boo#1002991, CVE-2016-7942).

libXi :

  - Integer overflows in libXi can cause out of boundary     memory access or endless loops (Denial of Service)     (boo#1002998, CVE-2016-7945).

  - Insufficient validation of data in libXi can cause out     of boundary memory access or endless loops (Denial of     Service) (boo#1002998, CVE-2016-7946).

libXrandr :

  - Insufficient validation of data from the X server can     cause out of boundary memory writes (boo#1003000,     CVE-2016-7947, CVE-2016-7948).

libXi was updated to fix two security issues. These security issues were fixed :

  - CVE-2016-7945: Integer overflows in libXI can cause out     of boundary memory access or endless loops (Denial of     Service) (bsc#1002998).

  - CVE-2016-7946: Insufficient validation of data in libXI     can cause out of boundary memory access or endless loops     (Denial of Service) (bsc#1002998).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11 :

  - CVE-2016-7942: insufficient validation of data from the     X server allowed out of boundary memory read     (bsc#1002991) libXfixes :

  - CVE-2016-7944: insufficient validation of data from the     X server can cause an integer overflow on 32 bit     architectures (bsc#1002995) libXi :

  - CVE-2016-7945, CVE-2016-7946: insufficient validation of     data from the X server can cause out of boundary memory     access or endless loops (Denial of Service)     (bsc#1002998) libXtst :

  - CVE-2016-7951, CVE-2016-7952: insufficient validation of     data from the X server can cause out of boundary memory     access or endless loops (Denial of Service)     (bsc#1003012) libXv :

  - CVE-2016-5407: insufficient validation of data from the     X server can cause out of boundary memory and memory     corruption (bsc#1003017) libXvMC :

  - CVE-2016-7953: insufficient validation of data from the     X server can cause a one byte buffer read underrun     (bsc#1003023) libXrender :

  - CVE-2016-7949, CVE-2016-7950: insufficient validation of     data from the X server can cause out of boundary memory     writes (bsc#1003002) libXrandr :

  - CVE-2016-7947, CVE-2016-7948: insufficient validation of     data from the X server can cause out of boundary memory     writes (bsc#1003000)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2016-7945, CVE-2016-7946

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

libXi 1.7.8

----

Fix crash when calling XListInputDevices on devices without classes

----

Security fix for CVE-2016-7945, CVE-2016-7946

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

This update for the X Window System client libraries fixes a class of privilege escalation issues.

A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries.

libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically :

libX11 :

  - CVE-2016-7942: insufficient validation of data from the     X server allowed out of boundary memory read     (bsc#1002991)

libXfixes :

  - CVE-2016-7944: insufficient validation of data from the     X server can cause an integer overflow on 32 bit     architectures (bsc#1002995)

libXi :

  - CVE-2016-7945, CVE-2016-7946: insufficient validation of     data from the X server can cause out of boundary memory     access or endless loops (Denial of Service)     (bsc#1002998)

libXtst :

  - CVE-2016-7951, CVE-2016-7952: insufficient validation of     data from the X server can cause out of boundary memory     access or endless loops (Denial of Service)     (bsc#1003012)

libXv :

  - CVE-2016-5407: insufficient validation of data from the     X server can cause out of boundary memory and memory     corruption (bsc#1003017)

libXvMC :

  - CVE-2016-7953: insufficient validation of data from the     X server can cause a one byte buffer read underrun     (bsc#1003023)

libXrender :

  - CVE-2016-7949, CVE-2016-7950: insufficient validation of     data from the X server can cause out of boundary memory     writes (bsc#1003002)

libXrandr :

  - CVE-2016-7947, CVE-2016-7948: insufficient validation of     data from the X server can cause out of boundary memory     writes (bsc#1003000)

This update was imported from the SUSE:SLE-12:Update update project.

ID	Name	Product	Family	Severity
140980	EulerOS Virtualization for ARM 64 3.0.6.0 : libXi (EulerOS-SA-2020-2032)	Nessus	Huawei Local Security Checks	high
131588	EulerOS 2.0 SP2 : libXi (EulerOS-SA-2019-2434)	Nessus	Huawei Local Security Checks	high
99276	GLSA-201704-03 : X.Org: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
96034	SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2016:3189-1)	Nessus	SuSE Local Security Checks	critical
95644	openSUSE Security Update : X Window System client libraries (openSUSE-2016-1420)	Nessus	SuSE Local Security Checks	critical
95626	SUSE SLED12 / SLES12 Security Update : libXi (SUSE-SU-2016:3047-1)	Nessus	SuSE Local Security Checks	high
94939	SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2828-1)	Nessus	SuSE Local Security Checks	critical
94831	Fedora 25 : libXi (2016-8b122b0997)	Nessus	Fedora Local Security Checks	high
94688	Fedora 23 : libXi (2016-21f0de504c)	Nessus	Fedora Local Security Checks	high
94439	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : x11 (SSA:2016-305-02)	Nessus	Slackware Local Security Checks	critical
94220	openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)	Nessus	SuSE Local Security Checks	critical
94036	SUSE SLED12 / SLES12 Security Update : X Window System client libraries (SUSE-SU-2016:2505-1)	Nessus	SuSE Local Security Checks	critical
93930	Fedora 24 : libXi (2016-cabb6d7ef7)	Nessus	Fedora Local Security Checks	high

CVE-2016-7946

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

critical

critical

critical

high

critical

high

high

critical

critical

critical

high