openSUSE Security Update : X Window System client libraries (openSUSE-2016-1214)
critical Nessus Plugin ID 94220
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote openSUSE host is missing a security update.Description
This update for the X Window System client libraries fixes a class of privilege escalation issues.A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries.
libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically :
libX11 :
- CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991)
libXfixes :
- CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995)
libXi :
- CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998)
libXtst :
- CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012)
libXv :
- CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017)
libXvMC :
- CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023)
libXrender :
- CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002)
libXrandr :
- CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000)
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected X Window System client libraries packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1002991
https://bugzilla.opensuse.org/show_bug.cgi?id=1002995
https://bugzilla.opensuse.org/show_bug.cgi?id=1002998
https://bugzilla.opensuse.org/show_bug.cgi?id=1003000
https://bugzilla.opensuse.org/show_bug.cgi?id=1003002
https://bugzilla.opensuse.org/show_bug.cgi?id=1003012
Plugin Details
Severity: Critical
ID: 94220
File Name: openSUSE-2016-1214.nasl
Version: 2.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/24/2016
Updated: 1/19/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libX11-6, p-cpe:/a:novell:opensuse:libX11-6-32bit, p-cpe:/a:novell:opensuse:libX11-6-debuginfo, p-cpe:/a:novell:opensuse:libX11-6-debuginfo-32bit, p-cpe:/a:novell:opensuse:libX11-data, p-cpe:/a:novell:opensuse:libX11-debugsource, p-cpe:/a:novell:opensuse:libX11-devel, p-cpe:/a:novell:opensuse:libX11-devel-32bit, p-cpe:/a:novell:opensuse:libX11-xcb1, p-cpe:/a:novell:opensuse:libX11-xcb1-32bit, p-cpe:/a:novell:opensuse:libX11-xcb1-debuginfo, p-cpe:/a:novell:opensuse:libX11-xcb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXfixes-debugsource, p-cpe:/a:novell:opensuse:libXfixes-devel, p-cpe:/a:novell:opensuse:libXfixes-devel-32bit, p-cpe:/a:novell:opensuse:libXfixes3, p-cpe:/a:novell:opensuse:libXfixes3-32bit, p-cpe:/a:novell:opensuse:libXfixes3-debuginfo, p-cpe:/a:novell:opensuse:libXfixes3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXi-debugsource, p-cpe:/a:novell:opensuse:libXi-devel, p-cpe:/a:novell:opensuse:libXi-devel-32bit, p-cpe:/a:novell:opensuse:libXi6, p-cpe:/a:novell:opensuse:libXi6-32bit, p-cpe:/a:novell:opensuse:libXi6-debuginfo, p-cpe:/a:novell:opensuse:libXi6-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXrandr-debugsource, p-cpe:/a:novell:opensuse:libXrandr-devel, p-cpe:/a:novell:opensuse:libXrandr-devel-32bit, p-cpe:/a:novell:opensuse:libXrandr2, p-cpe:/a:novell:opensuse:libXrandr2-32bit, p-cpe:/a:novell:opensuse:libXrandr2-debuginfo, p-cpe:/a:novell:opensuse:libXrandr2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXrender-debugsource, p-cpe:/a:novell:opensuse:libXrender-devel, p-cpe:/a:novell:opensuse:libXrender-devel-32bit, p-cpe:/a:novell:opensuse:libXrender1, p-cpe:/a:novell:opensuse:libXrender1-32bit, p-cpe:/a:novell:opensuse:libXrender1-debuginfo, p-cpe:/a:novell:opensuse:libXrender1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXtst-debugsource, p-cpe:/a:novell:opensuse:libXtst-devel, p-cpe:/a:novell:opensuse:libXtst-devel-32bit, p-cpe:/a:novell:opensuse:libXtst6, p-cpe:/a:novell:opensuse:libXtst6-32bit, p-cpe:/a:novell:opensuse:libXtst6-debuginfo, p-cpe:/a:novell:opensuse:libXtst6-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXv-debugsource, p-cpe:/a:novell:opensuse:libXv-devel, p-cpe:/a:novell:opensuse:libXv-devel-32bit, p-cpe:/a:novell:opensuse:libXv1, p-cpe:/a:novell:opensuse:libXv1-32bit, p-cpe:/a:novell:opensuse:libXv1-debuginfo, p-cpe:/a:novell:opensuse:libXv1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libXvMC-debugsource, p-cpe:/a:novell:opensuse:libXvMC-devel, p-cpe:/a:novell:opensuse:libXvMC-devel-32bit, p-cpe:/a:novell:opensuse:libXvMC1, p-cpe:/a:novell:opensuse:libXvMC1-32bit, p-cpe:/a:novell:opensuse:libXvMC1-debuginfo, p-cpe:/a:novell:opensuse:libXvMC1-debuginfo-32bit, cpe:/o:novell:opensuse:42.1
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 10/23/2016
Reference Information
CVE: CVE-2016-5407, CVE-2016-7942, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953