PT-2013-1134 · X.Org+5 · Xcb-Proto+34

Ilja Van Sprundel

·

Publicado

2013-06-15

·

Atualizado

2024-06-15

·

CVE-2013-2062

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions libXp versions 1.0.1 and earlier xorg-server versions prior to 1.14.3-r2 libXext versions 1.3.2 and earlier libX11 versions 1.6.0 and earlier libXt versions 1.1.4 and earlier libXfixes versions 5.0.1 and earlier libXinerama versions 1.1.3 and earlier libXp-devel versions 1.0.2 and earlier libXt-devel versions 1.1.4 and earlier libXfixes-devel versions 5.0.1 and earlier libXinerama-devel versions 1.1.3 and earlier libXres versions 1.0.7 and earlier libXres-devel versions 1.0.7 and earlier libXrandr versions 1.4.1 and earlier libXrandr-devel versions 1.4.1 and earlier libXv versions 1.0.9 and earlier libXi versions 1.7.2 and earlier libXi-devel versions 1.7.2 and earlier libXcursor versions 1.1.14 and earlier libXcursor-devel versions 1.1.14 and earlier libXrender versions 0.9.8 and earlier libXrender-devel versions 0.9.8 and earlier libXtst versions 1.2.2 and earlier libXtst-debuginfo versions 1.2.2 and earlier libXvMC versions 1.0.8 and earlier libX11-common versions 1.6.0 and earlier libXxf86dga versions 1.1.4 and earlier libXxf86vm versions 1.1.3 and earlier xcb-proto versions 1.8 and earlier libdmx versions 1.1.3 and earlier
Description The issue is related to multiple vulnerabilities in various packages of the Red Hat Enterprise Linux, Debian GNU/Linux, and Gentoo Linux operating systems. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities are related to integer overflows in the X.org libXp package, which can cause allocation of insufficient memory and a buffer overflow via vectors related to the XpGetAttributes, XpGetOneAttribute, XpGetPrinterList, and XpQueryScreens functions.
Recommendations For libXp versions 1.0.1 and earlier, update to a version later than 1.0.1. For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later. For libXext versions 1.3.2 and earlier, update to a version later than 1.3.2. For libX11 versions 1.6.0 and earlier, update to a version later than 1.6.0. For libXt versions 1.1.4 and earlier, update to a version later than 1.1.4. For libXfixes versions 5.0.1 and earlier, update to a version later than 5.0.1. For libXinerama versions 1.1.3 and earlier, update to a version later than 1.1.3. For libXp-devel versions 1.0.2 and earlier, update to a version later than 1.0.2. For libXt-devel versions 1.1.4 and earlier, update to a version later than 1.1.4. For libXfixes-devel versions 5.0.1 and earlier, update to a version later than 5.0.1. For libXinerama-devel versions 1.1.3 and earlier, update to a version later than 1.1.3. For libXres versions 1.0.7 and earlier, update to a version later than 1.0.7. For libXres-devel versions 1.0.7 and earlier, update to a version later than 1.0.7. For libXrandr versions 1.4.1 and earlier, update to a version later than 1.4.1. For libXrandr-devel versions 1.4.1 and earlier, update to a version later than 1.4.1. For libXv versions 1.0.9 and earlier, update to a version later than 1.0.9. For libXi versions 1.7.2 and earlier, update to a version later than 1.7.2. For libXi-devel versions 1.7.2 and earlier, update to a version later than 1.7.2. For libXcursor versions 1.1.14 and earlier, update to a version later than 1.1.14. For libXcursor-devel versions 1.1.14 and earlier, update to a version later than 1.1.14. For libXrender versions 0.9.8 and earlier, update to a version later than 0.9.8. For libXrender-devel versions 0.9.8 and earlier, update to a version later than 0.9.8. For libXtst versions 1.2.2 and earlier, update to a version later than 1.2.2. For libXtst-debuginfo versions 1.2.2 and earlier, update to a version later than 1.2.2. For libXvMC versions 1.0.8 and earlier, update to a version later than 1.0.8. For libX11-common versions 1.6.0 and earlier, update to a version later than 1.6.0. For libXxf86dga versions 1.1.4 and earlier, update to a version later than 1.1.4. For libXxf86vm versions 1.1.3 and earlier, update to a version later than 1.1.3. For xcb-proto versions 1.8 and earlier, update to a version later than 1.8. For libdmx versions 1.1.3 and earlier, update to a version later than 1.1.3.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-189

Identificadores relacionados

BDU:2015-04109
BDU:2015-06306
BDU:2015-06354
BDU:2015-06355
BDU:2015-06356
BDU:2015-06357
BDU:2015-06358
BDU:2015-06359
BDU:2015-06360
BDU:2015-06361
BDU:2015-06362
BDU:2015-06363
BDU:2015-06364
BDU:2015-06365
BDU:2015-06366
BDU:2015-06367
BDU:2015-06375
BDU:2015-06376
BDU:2015-06377
BDU:2015-06378
BDU:2015-06379
BDU:2015-06380
BDU:2015-06392
BDU:2015-06393
BDU:2015-06394
BDU:2015-06395
BDU:2015-06396
BDU:2015-06397
BDU:2015-06398
BDU:2015-06399
BDU:2015-06400
BDU:2015-06401
BDU:2015-06402
BDU:2015-06403
BDU:2015-06404
BDU:2015-06405
BDU:2015-06406
BDU:2015-06407
BDU:2015-06408
BDU:2015-06409
BDU:2015-06410
BDU:2015-06411
BDU:2015-06412
BDU:2015-06575
BDU:2015-06576
BDU:2015-06577
BDU:2015-06607
BDU:2015-09727
CESA-2014_1436
CVE-2013-2062
DSA-2685-1
MGASA-2013-0186
OPENSUSE-SU-2024:10061-1
RHSA-2014:1436
RHSA-2014_1436
SUSE-SU-2013_1102-1
SUSE-SU-2013_1102-2
SUSE-SU-2014_0915-1

Produtos afetados

Centos
Debian
Gentoo Linux
Red Hat
Suse
Libx11
Libx11-Common
Libxcursor
Libxcursor-Devel
Libxext
Libxfixes
Libxfixes-Devel
Libxi
Libxi-Devel
Libxinerama
Libxinerama-Devel
Libxp
Libxp-Devel
Libxrandr
Libxrandr-Dev
Libxrender
Libxrender-Devel
Libxres
Libxres-Devel
Libxt
Libxt-Devel
Libxtst
Libxtst-Debuginfo
Libxv
Libxvmc
Libxxf86Dga
Libxxf86Vm
Libdmx
Xcb-Proto
Xorg-Server