libX11-6-1.6.4-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10395 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libX11-6-1.6.4-2.1 on GA media These are all security issues fixed in the libX11-6-1.6.4-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10395 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10395 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-1981/ SUSE CVE CVE-2013-1981 page https://www.suse.com/security/cve/CVE-2013-1997/ SUSE CVE CVE-2013-1997 page https://www.suse.com/security/cve/CVE-2013-2004/ SUSE CVE CVE-2013-2004 page openSUSE Tumbleweed libX11-6-1.6.4-2.1 libX11-6-32bit-1.6.4-2.1 libX11-data-1.6.4-2.1 libX11-devel-1.6.4-2.1 libX11-devel-32bit-1.6.4-2.1 libX11-xcb1-1.6.4-2.1 libX11-xcb1-32bit-1.6.4-2.1 libX11-6-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-6-32bit-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-data-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-devel-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-devel-32bit-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-xcb1-1.6.4-2.1 as a component of openSUSE Tumbleweed libX11-xcb1-32bit-1.6.4-2.1 as a component of openSUSE Tumbleweed Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. CVE-2013-1981 openSUSE Tumbleweed:libX11-6-1.6.4-2.1 openSUSE Tumbleweed:libX11-6-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-data-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-32bit-1.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1981.html CVE-2013-1981 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821664 SUSE Bug 821664 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. CVE-2013-1997 openSUSE Tumbleweed:libX11-6-1.6.4-2.1 openSUSE Tumbleweed:libX11-6-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-data-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-32bit-1.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1997.html CVE-2013-1997 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821664 SUSE Bug 821664 https://bugzilla.suse.com/824294 SUSE Bug 824294 The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. CVE-2013-2004 openSUSE Tumbleweed:libX11-6-1.6.4-2.1 openSUSE Tumbleweed:libX11-6-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-data-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-1.6.4-2.1 openSUSE Tumbleweed:libX11-devel-32bit-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-1.6.4-2.1 openSUSE Tumbleweed:libX11-xcb1-32bit-1.6.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2004.html CVE-2013-2004 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821664 SUSE Bug 821664