UbuntuUpdates.org

Package "libx11-data"

Name: libx11-data

Description:

X11 client-side library
Latest version: 2:1.6.4-3ubuntu0.4
Release: bionic (18.04)
Level: security
Repository: main
Head package: libx11

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libx11-data"

All arch deb package
APT INSTALL

Other versions of "libx11-data" in Bionic

Repository Area Version
base main 2:1.6.4-3
updates main 2:1.6.4-3ubuntu0.4

Changelog

Version: 2:1.6.4-3ubuntu0.4 2021-05-25 18:06:26 UTC

  libx11 (2:1.6.4-3ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: extra X protocol requests via unchecked string lengths
    - debian/patches/CVE-2021-31535.patch: reject strings longer than
      USHRT_MAX before sending them on the wire in src/Font.c,
      src/FontInfo.c, src/FontNames.c, src/GetColor.c, src/LoadFont.c,
      src/LookupCol.c, src/ParseCol.c, src/QuExt.c, src/SetFPath.c,
      src/SetHints.c, src/StNColor.c, src/StName.c .
    - CVE-2021-31535

 -- Marc Deslauriers <email address hidden> Wed, 19 May 2021 13:07:50 -0400
Source diff to previous version

Version: 2:1.6.4-3ubuntu0.3 2020-09-02 14:06:19 UTC

  libx11 (2:1.6.4-3ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow and heap overflow in XIM client
    - debian/patches/CVE-2020-14344-1.patch: fix signed length values in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-2.patch: fix integer overflows in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-3.patch: fix more unchecked lengths in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-4.patch: zero out buffers in functions
      in modules/im/ximcp/imDefIc.c, modules/im/ximcp/imDefIm.c.
    - debian/patches/CVE-2020-14344-5.patch: change the data_len parameter
      to CARD16 in modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-6.patch: fix size calculation in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-7.patch: fix input clients connecting
      to server in modules/im/ximcp/imRmAttr.c.
    - CVE-2020-14344
  * SECURITY UPDATE: integer overflow and double free in locale handling
    - debian/patches/CVE-2020-14363.patch: fix an integer overflow in
      modules/om/generic/omGeneric.c.
    - CVE-2020-14363

 -- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 12:10:10 -0400
Source diff to previous version
CVE-2020-14344 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. A
CVE-2020-14363 Double free in libX11 locale handling code

Version: 2:1.6.4-3ubuntu0.1 2018-08-30 19:07:20 UTC

  libx11 (2:1.6.4-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14598.patch: fix in src/GetFPath.c,
      src/ListExt.c.
    - CVE-2018-14598
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14599.patch: fix in src/FontNames.c,
      src/GetFPath.c, src/ListExt.c.
    - CVE-2018-14599
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14600.patch: fix in src/GetFPath.
    - CVE-2018-14600

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 29 Aug 2018 15:18:18 -0300
CVE-2018-14598 An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overfl
CVE-2018-14599 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious s
CVE-2018-14600 An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resul


About   -   Send Feedback to @ubuntu_updates