Pufferüberlauf in libx11
ID: | USN-2568-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
Datum: | Mo, 13. April 2015, 20:46 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7439 |
Applikationen: | X11 |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3756855859997683481== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="e15bH1rAdiIRmo0cqWxDiwp5IGmFMBFSj" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --e15bH1rAdiIRmo0cqWxDiwp5IGmFMBFSj Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2568-1 April 13, 2015 libx11, libxrender vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: libx11 could be made to crash or run programs if it processed specially crafted data. Software Description: - libxrender: X11 Rendering Extension client library - libx11: X11 client-side library Details: Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates including libxrender, libxext, libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and xserver-xorg-video-vmware. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libxrender1 1:0.9.8-1build0.14.10.1 Ubuntu 14.04 LTS: libxrender1 1:0.9.8-1build0.14.04.1 Ubuntu 12.04 LTS: libx11-dev 2:1.4.99.1-0ubuntu2.3 libxrender1 1:0.9.6-2ubuntu0.2 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2568-1 CVE-2013-7439 Package Information: https://launchpad.net/ubuntu/+source/libxrender/1:0.9.8-1build0.14.10.1 https://launchpad.net/ubuntu/+source/libxrender/1:0.9.8-1build0.14.04.1 https://launchpad.net/ubuntu/+source/libx11/2:1.4.99.1-0ubuntu2.3 https://launchpad.net/ubuntu/+source/libxrender/1:0.9.6-2ubuntu0.2 --e15bH1rAdiIRmo0cqWxDiwp5IGmFMBFSj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVK/5gAAoJEGVp2FWnRL6TzF4P/iEOKsR7HE1dG1KLfX75GQ5s hykRYNHHCoQYZbXaQ3q1Apjt1tQkfUUJ4tY810s8CdhB2EakmzjMno4qSD5C4X1n +aZowJoDoeUGty055jzfGR30Cv2fZl8keTQaWAK7VSqTuDQ2MhjvMh3ODlI9QyLr yGTCebN1f/37w4INNzqplDZLA81n/dVNIqqG0oR9zulPlcdqmQ0/+8LSJXlNR991 xBsrRb2BGZdmnjzQRoFTVS4MjisKj2X61LOSOuwdP2F9u4b27mcroeQjDl48m45F VLHrmfKOvEPSsdgVbZM+nrcf7r3EoN6qIkrj5qTABG/XxBUNqu2kkLCYTSUj88cE +szj3J5jyGIL4GVcQPaahrq0zsZJ/7joxRcsfqZf+aTsd9l6oxWH471rg4LecDsl 6n+FshF3lphEFtlhN7G2M2No5DRYiN/ETN0LP39eZzRa6z1+oAGOPgFuVCtF2LoQ HKShC/rk2UnjFeVyCSpq+ZXcihxIf9ZpTsOF1ktzxXblAlw3B3uHUkDa6PP+hoIq Kl1DHooS5MPSVWG1Nm+jEEn84nUIRlcTqsfjEgxChfukRD6bNhm2Sq+bLzKKHo0a Sz2OaIcW6lKzGrB3gFwP0TZoS3/MHLrOYj1GuDvWcdfAV64ZasQ6crT7zDihJmup 43EbYHHcuGqBd5+LpNoo =dHhs -----END PGP SIGNATURE----- --e15bH1rAdiIRmo0cqWxDiwp5IGmFMBFSj-- --===============3756855859997683481== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============3756855859997683481==-- |