Debian Security Advisory
DLA-654-1 libxfixes -- LTS security update
- Date Reported: 14 Oct 2016
- Affected Packages: libxfixes
- Security database references:
  - In the Debian bugtracking system: Bug 840442.
  - In Mitre's CVE dictionary: CVE-2016-7944.
- More information:
It was discovered that there was an integer overflow in libxfixes, a library providing a client interface to the X11
The 32-bit field rep.length was not checked for validity, which allowed an integer overflow on 32-bit systems. A malicious server could send INT_MAX as length, which was then multiplied by the size of XRectangle. In this case the client would not read the whole data from the server, getting out of sync.
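The size calculation described above, as an added C example that is not Debian's or libxfixes' code: the XRectangle layout and the function names are assumptions, and the block contrasts the wrapping 32-bit multiply with a bounds check that rejects the oversized length before anything is allocated or read.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of an X11 XRectangle for this example: four 16-bit fields, 8 bytes. */
typedef struct { int16_t x, y; uint16_t width, height; } XRectangle;

/* Bytes the server actually puts on the wire for a reply of this length,
 * computed in 64 bits so nothing is lost. */
uint64_t payload_bytes(uint32_t length) {
    return (uint64_t)length * sizeof(XRectangle);
}

/* The unchecked client-side computation: the server-supplied length times
 * sizeof(XRectangle) evaluated in 32 bits, as on a 32-bit build. For a large
 * length the product silently wraps modulo 2^32. */
uint32_t unchecked_alloc_bytes(uint32_t length) {
    return length * (uint32_t)sizeof(XRectangle);
}

/* Hardened computation: refuse any length whose byte size does not fit in the
 * 32-bit size the allocator and reader will use. Returns 0 on success, -1 if
 * the reply must be rejected. */
int checked_alloc_bytes(uint32_t length, uint32_t *out) {
    if (length > UINT32_MAX / sizeof(XRectangle))
        return -1;
    *out = length * (uint32_t)sizeof(XRectangle);
    return 0;
}

/* 1 if the hardened check accepts the length, 0 if it rejects it. */
int accepts_length(uint32_t length) {
    uint32_t n;
    return checked_alloc_bytes(length, &n) == 0;
}

/* Bytes of the reply the unchecked client never reads; nonzero means client and
 * server disagree on where this reply ends, i.e. the stream is out of sync. */
uint64_t unread_bytes(uint32_t length) {
    return payload_bytes(length) - unchecked_alloc_bytes(length);
}

int main(void) {
    uint32_t hostile = (uint32_t)INT_MAX;   /* the length value named in the advisory */
    printf("server sends     : %llu bytes\n", (unsigned long long)payload_bytes(hostile));
    printf("client allocates : %u bytes (wrapped)\n", unchecked_alloc_bytes(hostile));
    printf("left unread      : %llu bytes\n", (unsigned long long)unread_bytes(hostile));
    printf("hardened check   : %s\n", accepts_length(hostile) ? "accepted" : "rejected");
    return 0;
}
```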
For Debian 7 "Wheezy", this issue has been fixed in libxfixes version 1:5.0-4+deb7u2.
We recommend that you upgrade your libxfixes packages.