Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2014.0893.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2014:0893-1)
Zusammenfassung:The remote host is missing an update for the 'xorg-x11-libX11' package(s) announced via the SUSE-SU-2014:0893-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'xorg-x11-libX11' package(s) announced via the SUSE-SU-2014:0893-1 advisory.

Vulnerability Insight:
This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libX11, fixing security issues.

These issues require connection to a malicious X server to trigger the bugs in client libraries.

Security issues fixed:

*

CVE-2013-1981: Multiple integer overflows in X.org libX11 allowed X servers to trigger allocation of insufficient memory and a buffer
overflow via vectors related to the (1) XQueryFont, (2)
_XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5)
XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8)
XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11)
LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile,
or (14) TransFileName functions.

*

CVE-2013-1997: Multiple buffer overflows in X.org libX11 allowed X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1)
XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes,
(4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions,
(7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9)
_XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11)
_XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData,
(14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

*

CVE-2013-2004: The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 did not restrict the recursion depth when processing directives to include files, which allowed X servers to cause a denial of service (stack consumption) via a crafted file.

Security Issue references:

* CVE-2013-1981
* CVE-2013-1997
* CVE-2013-2004

Affected Software/OS:
'xorg-x11-libX11' package(s) on SUSE Linux Enterprise Server 11 SP1.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-1981
BugTraq ID: 60120
http://www.securityfocus.com/bid/60120
Debian Security Information: DSA-2693 (Google Search)
http://www.debian.org/security/2013/dsa-2693
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1854-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1997
Common Vulnerability Exposure (CVE) ID: CVE-2013-2004
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.