
[SECURITY] [DLA 654-1] libxfixes security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libxfixes
Version        : 1:5.0-4+deb7u2
CVE ID         : CVE-2016-7944
Debian Bug     : 840442

It was discovered that there was an integer overflow in libxfixes, a library
providing a client interface to the X11 'XFIXES' extension.

The 32-bit field "rep.length" was not checked for validity, which allowed an
integer overflow on 32-bit systems. A malicious server could send INT_MAX as
"length", which was then multiplied by the size of XRectangle. In this case the
client would not read the whole data from the server, getting out of sync.
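As an added illustration of the arithmetic described above (this is not libxfixes code), the wrapped 32-bit product is shown beside a guarded version that rejects counts whose byte size cannot be represented; the XRectangle struct is a constructed stand-in assumed to match the 8-byte X11 layout.

```c
/* Added example, not from libxfixes: shows how an unchecked 32-bit
 * reply length wraps when multiplied by sizeof(XRectangle), and how a
 * bounds check before the multiplication prevents the mismatch. */
#include <stdint.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in assumed to match X11's XRectangle (8 bytes). */
typedef struct { int16_t x, y; uint16_t width, height; } XRectangle;

/* Number of bytes the server actually puts on the wire for nrects
 * rectangles, computed without the possibility of wrapping. */
uint64_t wire_bytes(uint32_t nrects) {
    return (uint64_t)nrects * sizeof(XRectangle);
}

/* Unguarded computation in 32-bit arithmetic, as the advisory
 * describes: the product wraps, so the client plans to read far
 * fewer bytes than the server sends and falls out of sync. */
uint32_t unchecked_bytes(uint32_t nrects) {
    return nrects * (uint32_t)sizeof(XRectangle);
}

/* Guarded computation: refuse any count whose byte size would not fit
 * in 32 bits. Returns false (and leaves *out untouched) on overflow. */
bool checked_bytes(uint32_t nrects, uint32_t *out) {
    if (nrects > UINT32_MAX / (uint32_t)sizeof(XRectangle))
        return false;                       /* would wrap: reject */
    *out = nrects * (uint32_t)sizeof(XRectangle);
    return true;
}

int main(void) {
    uint32_t n = (uint32_t)INT_MAX, bytes = 0;
    printf("server sends %llu bytes, client would read %u bytes\n",
           (unsigned long long)wire_bytes(n), unchecked_bytes(n));
    printf("guarded check accepts INT_MAX: %s\n",
           checked_bytes(n, &bytes) ? "yes" : "no");
    return 0;
}
```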

For Debian 7 "Wheezy", this issue has been fixed in libxfixes version
1:5.0-4+deb7u2.

We recommend that you upgrade your libxfixes packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


