openSUSE Security Update : X Window System client libraries (openSUSE-2016-1420)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for X Window System client libraries fixes a class of
privilege escalation issues.

A malicious X server could send specially crafted data to X clients,
triggering crashes, or privilege escalation where the client/server
relationship is untrusted or crosses user or permission level
boundaries.

The following libraries have been fixed :

libX11 :

- Plugged a memory leak (boo#1002991, CVE-2016-7942).

- Insufficient validation of data from the X server can
cause out-of-bounds memory read (XGetImage()) or write
(XListFonts()) (boo#1002991, CVE-2016-7942).

libXi :

- Integer overflows in libXi can cause out-of-bounds
memory access or endless loops (Denial of Service)
(boo#1002998, CVE-2016-7945).

- Insufficient validation of data in libXi can cause
out-of-bounds memory access or endless loops (Denial of
Service) (boo#1002998, CVE-2016-7946).

libXrandr :

- Insufficient validation of data from the X server can
cause out-of-bounds memory writes (boo#1003000,
CVE-2016-7947, CVE-2016-7948).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1002991
https://bugzilla.opensuse.org/show_bug.cgi?id=1002998
https://bugzilla.opensuse.org/show_bug.cgi?id=1003000

Solution :

Update the affected X Window System client libraries packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95644

Bugtraq ID:

CVE ID: CVE-2016-7942
CVE-2016-7945
CVE-2016-7946
CVE-2016-7947
CVE-2016-7948
