Security update for xorg-x11-libs SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3189-1 Final 1 1 2016-12-16T17:05:53Z current 2016-12-16T17:05:53Z 2016-12-16T17:05:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-libs This update for xorg-x11-libs fixes the following issues: - insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023, CVE-2016-7953) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012, CVE-2016-7951, CVE-2016-7952) - insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000, CVE-2016-7947, CVE-2016-7948) - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service). (bsc#1002998, CVE-2016-7945, CVE-2016-7946) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-xorg-x11-libs-12894,slessp4-xorg-x11-libs-12894 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ Link for SUSE-SU-2016:3189-1 https://lists.suse.com/pipermail/sle-security-updates/2016-December/002495.html E-Mail link for SUSE-SU-2016:3189-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1002998 SUSE Bug 1002998 https://bugzilla.suse.com/1003000 SUSE Bug 1003000 https://bugzilla.suse.com/1003012 SUSE Bug 1003012 https://bugzilla.suse.com/1003023 SUSE Bug 1003023 https://www.suse.com/security/cve/CVE-2016-7945/ SUSE CVE CVE-2016-7945 page https://www.suse.com/security/cve/CVE-2016-7946/ SUSE CVE CVE-2016-7946 page https://www.suse.com/security/cve/CVE-2016-7947/ SUSE CVE CVE-2016-7947 page https://www.suse.com/security/cve/CVE-2016-7948/ SUSE CVE CVE-2016-7948 page https://www.suse.com/security/cve/CVE-2016-7951/ SUSE CVE CVE-2016-7951 page https://www.suse.com/security/cve/CVE-2016-7952/ SUSE CVE CVE-2016-7952 page https://www.suse.com/security/cve/CVE-2016-7953/ SUSE CVE CVE-2016-7953 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 xorg-x11-devel-7.4-8.26.49.1 xorg-x11-devel-32bit-7.4-8.26.49.1 xorg-x11-libs-7.4-8.26.49.1 xorg-x11-libs-32bit-7.4-8.26.49.1 xorg-x11-libs-x86-7.4-8.26.49.1 xorg-x11-libs-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-libs-32bit-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-libs-x86-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-libs-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xorg-x11-libs-32bit-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xorg-x11-libs-x86-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 xorg-x11-devel-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 xorg-x11-devel-32bit-7.4-8.26.49.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. CVE-2016-7945 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7945.html CVE-2016-7945 https://bugzilla.suse.com/1002998 SUSE Bug 1002998 https://bugzilla.suse.com/1134167 SUSE Bug 1134167 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. CVE-2016-7946 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7946.html CVE-2016-7946 https://bugzilla.suse.com/1002998 SUSE Bug 1002998 https://bugzilla.suse.com/1134167 SUSE Bug 1134167 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. CVE-2016-7947 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7947.html CVE-2016-7947 https://bugzilla.suse.com/1003000 SUSE Bug 1003000 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. CVE-2016-7948 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7948.html CVE-2016-7948 https://bugzilla.suse.com/1003000 SUSE Bug 1003000 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. CVE-2016-7951 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7951.html CVE-2016-7951 https://bugzilla.suse.com/1003012 SUSE Bug 1003012 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. CVE-2016-7952 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7952.html CVE-2016-7952 https://bugzilla.suse.com/1003012 SUSE Bug 1003012 https://bugzilla.suse.com/1159415 SUSE Bug 1159415 Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. CVE-2016-7953 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-7.4-8.26.49.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libs-x86-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-32bit-7.4-8.26.49.1 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-devel-7.4-8.26.49.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163189-1/ https://www.suse.com/security/cve/CVE-2016-7953.html CVE-2016-7953 https://bugzilla.suse.com/1003023 SUSE Bug 1003023 https://bugzilla.suse.com/1159415 SUSE Bug 1159415