-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libx11 Version : 2:1.6.2-3+deb8u2 CVE ID : CVE-2018-14598 CVE-2018-14599 CVE-2018-14600
Several issues were discovered in libx11, the client interface to the X Windows System. The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable to an off-by-one override on malicious server responses. A malicious server could also send a reply in which the first string overflows, causing a variable set to NULL that will be freed later on, leading to a segmentation fault and Denial of Service. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to a Denial of Service or possibly remote code execution. For Debian 8 "Jessie", these problems have been fixed in version 2:1.6.2-3+deb8u2. We recommend that you upgrade your libx11 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluHG45fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTM4xAArqWg86tWEtToPpu0mAOrLnipwgI9l8R7NOBA56Q0ijAaGNObXqXVdH9G FIe8bP3Stv6utLxGfS8RU3k02KFBIOtKeQNMSOGf/LEMv88Kw6OEVQSp/OrkYsRI vtxHvMfOC+1Mx1BVnsFvBMR8cqBFMXO+J2xqDD9wSDQu7pS0mRhw+M26fTcPjFOq Mo2BJRUQEH3hS5huyOlkH87yoHsQRHD5j+/uIo7LdjzmDhCHEXrQHqp5Ho/bUYvl uj6s7cwczyCYZAjudCmXBKqm942xJy91s4QXiOhw+bwGOPUN5IMb6iYGmS3g/6bN M+NQQbTwDLOFvzWeDlxJbxpxSz2TLfpO7TVbT0Qc5Luuhq6QsFPtjWh9ORfOFszz a2HxTaWyx/uQzS4oo1X0BRFxprBE70Nnz/yydFYV7EzEz7fGhmAgzm/YVVfK7fJu 8e8dBvhZix3EBLD3DRiUEBlwJCiV/23wCmiFx2K9vo7miH2nzPTJt+Wx1qao3MKd SynIew2ZgV/XJ/Yb3UxDz6Xj3b5TpGuuEb1Aws3cScItdE5VEpj4/rnS0FVLNBCm UcfQY2mpqfDkO5g9g0Y0mPgqNDqTCcyp4Yq9fqoNHANs2ohVDyW/Z4SwqnMGkbOd bNENnQvc5n71OAT8AvJE753vRul5ZjnjENCf+wycTyaWtHWocvM= =P8J/ -----END PGP SIGNATURE-----
