Changelog
libx11 (2:1.6.4-3+deb9u1) stretch; urgency=high
  * Non-maintainer upload.
  * Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
    * CVE-2018-14599:
      The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable
      to an off-by-one override on malicious server responses.
    * CVE-2018-14600:
      The length value is interpreted as signed char on many systems (depending
      on default signedness of char), which can lead to an out of boundary write
      up to 128 bytes in front of the allocated storage, but limited to NUL
      byte(s).
    * CVE-2018-14598:
      If the server sends a reply in which even the first string would overflow
      the transmitted bytes, list[0] (or flist[0]) will be set to NULL and a
      count of 0 is returned. This may trigger a segmentation fault leading to a
      Denial of Service.
-- Markus Koschany <email address hidden> Sat, 29 Sep 2018 14:05:05 +0200
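
The three issues above share one parsing pattern, shown here as an added example that is not libX11's code or the patch from this upload: a reply holding strings prefixed by a one-byte length is split in place, and the parser has to read that byte as unsigned, bound every string by the bytes actually received, and report a count of 0 without the caller touching list[0]. The function names, the buffer layout (payload plus one spare byte) and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* How one length byte reads when char is signed (the CVE-2018-14600 case). */
int length_as_signed(unsigned char b) { return (int)(signed char)b; }

/*
 * Hypothetical helper: split `len` bytes of length-prefixed strings in
 * place. `buf` must hold len + 1 bytes so the last string can be
 * NUL-terminated. Returns how many complete strings were stored in `list`;
 * when it returns 0, list[0] is not valid and must not be dereferenced.
 */
int split_names(char *buf, size_t len, int claimed, char **list)
{
    size_t pos = 0;
    int count = 0;

    while (count < claimed && pos < len) {
        size_t n = (unsigned char)buf[pos];  /* 0..255, never negative */
        if (n > len - pos - 1)               /* would run past the reply */
            break;
        buf[pos] = '\0';                     /* ends the previous string */
        list[count++] = buf + pos + 1;
        pos += 1 + n;
    }
    buf[pos] = '\0';                         /* pos <= len: inside buffer */
    return count;
}

int main(void)
{
    /* Constructed sample reply: "abc", "de" (7 payload bytes + 1 spare). */
    char reply[8] = "\x03" "abc" "\x02" "de";
    char *names[2];
    int n = split_names(reply, 7, 2, names);

    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i, names[i]);
    printf("0xC8 read as signed char: %d\n", length_as_signed(0xC8));
    return 0;
}
```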