X.org has issued an advisory today (October 4):
http://openwall.com/lists/oss-security/2016/10/04/2

The issues will be fixed in:
* libX11 1.6.4
* libXfixes 5.0.3
* libXi 1.7.7
* libXrandr 1.5.1
* libXrender 0.9.10
* libXtst 1.2.3
* libXv 1.0.11
* libXvMC 1.0.10

The message linked above also indicates the individual commits that fixed the issues.
Status: NEW => ASSIGNED
CVE assignments: http://openwall.com/lists/oss-security/2016/10/04/4
Summary: X11 client libraries not validating data returned from X server => X11 client libraries not validating data returned from X server (CVE-2016-794[2-9], CVE-2016-795[0-3])
Request push asked
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
We should add the commits to Mageia 5 as well.
Status: RESOLVED => REOPENED
Version: Cauldron => 5
Resolution: FIXED => (none)
Cauldron is not done either. Only libx11 has been updated.
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO
Cauldron update pushed.
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
LWN references:
http://lwn.net/Vulnerabilities/703111/
http://lwn.net/Vulnerabilities/703113/
http://lwn.net/Vulnerabilities/703114/
http://lwn.net/Vulnerabilities/703117/
http://lwn.net/Vulnerabilities/703119/
http://lwn.net/Vulnerabilities/703120/
http://lwn.net/Vulnerabilities/703121/

Fedora advisories:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3IA7BLB4C3JOYVU6UASGUJQJKUF6TO7E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M4SI52ZOHOK6524DI2TOW4DX6HPKNFNB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RVEUZRHYY3AJEKMFQ4DS7DX3Y2AICFP7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/
LWN reference for libx11: http://lwn.net/Vulnerabilities/704470/
Debian-LTS regression fix for libx11: https://lwn.net/Vulnerabilities/711778/
Uploaded in updates_testing for Mageia 5:

libxv src.rpm: libxv-1.0.11-1.mga5
libxrender src.rpm: libxrender-0.9.10-1.mga5
libxtst src.rpm: libxtst-1.2.3-1.mga5
libxi src.rpm: libxi-1.7.7-1.mga5
libxrandr src.rpm: libxrandr-1.5.1-1.mga5
libxfixes src.rpm: libxfixes-5.0.3-1.mga5
libxvmc src.rpm: libxvmc-1.0.10-1.mga5

Assignee: thierry.vignaud => qa-bugs
CC: (none) => mageia
I reverted libxrandr to 1.4.x
(In reply to Nicolas Lécureuil from comment #11)
> I reverted libxrandr to 1.4.x

So we're still waiting for a fix for that.

Assignee: qa-bugs => mageia
CC: mageia => qa-bugs
For libxrandr we just need to backport the following commit from upstream: a0df3e1 Avoid out of boundary accesses on illegal responses
Built so far:

libxv1-1.0.11-1.mga5
libxv-devel-1.0.11-1.mga5
libxrender1-0.9.10-1.mga5
libxrender-devel-0.9.10-1.mga5
libxtst6-1.2.3-1.mga5
libxtst-devel-1.2.3-1.mga5
libxi6-1.7.7-1.mga5
libxi-devel-1.7.7-1.mga5
libxfixes3-5.0.3-1.mga5
libxfixes-devel-5.0.3-1.mga5
libxvmc1-1.0.10-1.mga5
libxvmc-devel-1.0.10-1.mga5

from SRPMS:
libxv-1.0.11-1.mga5.src.rpm
libxrender1-0.9.10-1.mga5.src.rpm
libxtst-1.2.3-1.mga5.src.rpm
libxi-1.7.7-1.mga5.src.rpm
libxfixes-5.0.3-1.mga5.src.rpm
libxvmc-1.0.10-1.mga5.src.rpm
Advisory:
========================

Updated libx11, libxv, libxrender, libxtst, libxi, libxrandr, libxfixes, libxvmc packages fix security vulnerabilities:

The XvQueryAdaptors and XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data (CVE-2016-5407).

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations (CVE-2016-7942).

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations (CVE-2016-7943).

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync (CVE-2016-7944).

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields (CVE-2016-7945).

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields (CVE-2016-7946).

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response (CVE-2016-7947).

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data (CVE-2016-7948).

Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields (CVE-2016-7949).

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths (CVE-2016-7950).

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks (CVE-2016-7951).

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data (CVE-2016-7952).

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string (CVE-2016-7953).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
http://openwall.com/lists/oss-security/2016/10/04/4
========================

Updated packages in core/updates_testing:
========================
libx11_6-1.6.5-1.mga5
libx11-xcb1-1.6.5-1.mga5
libx11-devel-1.6.5-1.mga5
libx11-common-1.6.5-1.mga5
libx11-doc-1.6.5-1.mga5
libxv1-1.0.11-1.mga5
libxv-devel-1.0.11-1.mga5
libxrender1-0.9.10-1.mga5
libxrender-devel-0.9.10-1.mga5
libxtst6-1.2.3-1.mga5
libxtst-devel-1.2.3-1.mga5
libxi6-1.7.7-1.mga5
libxi-devel-1.7.7-1.mga5
libxfixes3-5.0.3-1.mga5
libxfixes-devel-5.0.3-1.mga5
libxvmc1-1.0.10-1.mga5
libxvmc-devel-1.0.10-1.mga5

from SRPMS:
libx11-1.6.5-1.mga5
libxv-1.0.11-1.mga5.src.rpm
libxrender1-0.9.10-1.mga5.src.rpm
libxtst-1.2.3-1.mga5.src.rpm
libxi-1.7.7-1.mga5.src.rpm
libxrandr-1.4.2-4.1.mga5
libxfixes-5.0.3-1.mga5.src.rpm
libxvmc-1.0.10-1.mga5.src.rpm
CC: qa-bugs => mageia
Assignee: mageia => qa-bugs
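The advisory above attributes CVE-2016-7943 to length fields in the XListFonts reply. As an added illustration (not libX11's code and not the upstream fix), this C example parses a simplified list of length-prefixed names and rejects any count or length that disagrees with the bytes actually received; the function names and sample bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a ListFonts-style reply body (X11 LISTofSTR): `count` names, each
 * one length byte followed by that many bytes. `count` and every length byte
 * are server-supplied and untrusted; only `buf_len` (bytes received) is known. */
void free_name_list(char **names)
{
    if (names == NULL) return;
    for (size_t i = 0; names[i] != NULL; i++) free(names[i]);
    free(names);
}

/* Returns a NULL-terminated array of copies, or NULL on an inconsistent reply. */
char **parse_name_list(const uint8_t *buf, size_t buf_len, size_t count)
{
    /* Every name costs at least its length byte, so count > buf_len is bogus;
     * rejecting it also bounds the allocation by what was really received. */
    if (count > buf_len) return NULL;
    char **names = calloc(count + 1, sizeof *names);
    if (names == NULL) return NULL;
    size_t off = 0;
    for (size_t i = 0; i < count; i++) {
        if (off >= buf_len) goto bad;          /* no length byte left to read */
        size_t n = buf[off++];
        if (n > buf_len - off) goto bad;       /* name would run past the reply */
        if ((names[i] = malloc(n + 1)) == NULL) goto bad;
        memcpy(names[i], buf + off, n);
        names[i][n] = '\0';
        off += n;
    }
    return names;
bad:
    free_name_list(names);                     /* calloc zeroed the unused slots */
    return NULL;
}

int main(void)
{
    /* Constructed sample: two names, then the same bytes with a lying length. */
    static const uint8_t good[] = {5,'f','i','x','e','d', 2,'9','x'};
    static const uint8_t bad[]  = {5,'f','i','x','e','d', 200,'9','x'};
    char **names = parse_name_list(good, sizeof good, 2);
    for (size_t i = 0; names != NULL && names[i] != NULL; i++) puts(names[i]);
    free_name_list(names);
    puts(parse_name_list(bad, sizeof bad, 2) == NULL ? "rejected" : "accepted");
    return 0;
}
```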
CC: (none) => davidwhodgins
Keywords: (none) => advisory
Installed all of the lib and lib64 packages; found that for 64 bit, libx11-common and libx11-doc have to be used instead of lib64... Rebooted to confirm X11 works ok. Validating the update.

Whiteboard: (none) => MGA5-32-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0011.html

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED