This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for X Window System client libraries fixes a class of
privilege escalation issues.
A malicious X server could send specially crafted data to X clients,
which allowed for triggering crashes, or privilege escalation if this
relationship was untrusted or crossed user or permission level
The following libraries have been fixed :
- plugged a memory leak (boo#1002991, CVE-2016-7942).
- insufficient validation of data from the X server can
cause out of boundary memory read (XGetImage()) or write
(XListFonts()) (boo#1002991, CVE-2016-7942).
- Integer overflows in libXi can cause out of boundary
memory access or endless loops (Denial of Service)
- Insufficient validation of data in libXi can cause out
of boundary memory access or endless loops (Denial of
Service) (boo#1002998, CVE-2016-7946).
- Insufficient validation of data from the X server can
cause out of boundary memory writes (boo#1003000,
See also :
Update the affected X Window System client libraries packages.
Risk factor :
High / CVSS Base Score : 7.5