libx11 2:1.6.4-3+deb9u1 source package in Debian

Changelog

libx11 (2:1.6.4-3+deb9u1) stretch; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
  * CVE-2018-14599:
    The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable
    to an off-by-one override on malicious server responses.
  * CVE-2018-14600:
    The length value is interpreted as signed char on many systems (depending
    on default signedness of char), which can lead to an out of boundary write
    up to 128 bytes in front of the allocated storage, but limited to NUL
    byte(s).
  * CVE-2018-14598:
    If the server sends a reply in which even the first string would overflow
    the transmitted bytes, list[0] (or flist[0]) will be set to NULL and a
    count of 0 is returned. This may trigger a segmentation fault leading to a
    Denial of Service.

 -- Markus Koschany <email address hidden>  Sat, 29 Sep 2018 14:05:05 +0200

Upload details

Uploaded by: Debian X Strike Force
Uploaded to: Stretch
Original maintainer: Debian X Strike Force
Architectures: any all
Section: x11
Urgency: Very Urgent

Publishing

Series Pocket Published Component Section
Stretch release main x11

Downloads

File Size SHA-256 Checksum
libx11_1.6.4-3+deb9u1.dsc 2.5 KiB f58095603558b7db6b5799852c693efb18adcb64b8a85e21433df0f3080101cd
libx11_1.6.4.orig.tar.gz 3.0 MiB 5d7fbb9e15c27900ea8963218a59750b674a8d7c94161b66e96fcfbdaa1c6263
libx11_1.6.4-3+deb9u1.diff.gz 41.9 KiB 9f35ff369042893ffc47fa47fea245b355e7a7e44853d8cc4d8a765c32b407f2

No changes file available.
