Debian Security Advisory
DLA-654-1 libxfixes -- LTS security update
- Date Reported:
- 14 Oct 2016
- Affected Packages:
- libxfixes
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 840442.
In Mitre's CVE dictionary: CVE-2016-7944. - More information:
-
It was discovered that there was a integer overflow in libxfixes, a library providing a client interface to the X11
XFIXES
extension.The 32 bit field
rep.length
was not checked for validity, which allowed an integer overflow on 32 bit systems. A malicious server could send INT_MAX aslength
which was then multiplied by the size of XRectangle. In this case the client would not read the whole data from server, getting out of sync.For Debian 7
Wheezy
, this issue has been fixed in libxfixes version 1:5.0-4+deb7u2.We recommend that you upgrade your libxfixes packages.