{"id":"MGASA-2018-0011","summary":"Updated X11 client libraries packages fix security vulnerability","details":"The XvQueryAdaptors and XvQueryEncodings functions in X.org libXv before\n1.0.11 allow remote X servers to trigger out-of-bounds memory access\noperations via vectors involving length specifications in received data\n(CVE-2016-5407).\n\nThe XGetImage function in X.org libX11 before 1.6.4 might allow remote X\nservers to gain privileges via vectors involving image type and geometry,\nwhich triggers out-of-bounds read operations (CVE-2016-7942).\n\nThe XListFonts function in X.org libX11 before 1.6.4 might allow remote X\nservers to gain privileges via vectors involving length fields, which\ntrigger out-of-bounds write operations (CVE-2016-7943).\n\nInteger overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might\nallow remote X servers to gain privileges via a length value of INT_MAX,\nwhich triggers the client to stop reading data and get out of sync\n(CVE-2016-7944).\n\nMultiple integer overflows in X.org libXi before 1.7.7 allow remote X\nservers to cause a denial of service (out-of-bounds memory access or\ninfinite loop) via vectors involving length fields (CVE-2016-7945).\n\nX.org libXi before 1.7.7 allows remote X servers to cause a denial of\nservice (infinite loop) via vectors involving length fields\n(CVE-2016-7946).\n\nMultiple integer overflows in X.org libXrandr before 1.5.1 allow remote X\nservers to trigger out-of-bounds write operations via a crafted response\n(CVE-2016-7947).\n\nX.org libXrandr before 1.5.1 allows remote X servers to trigger\nout-of-bounds write operations by leveraging mishandling of reply data\n(CVE-2016-7948).\n\nMultiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings\nfunctions in X.org libXrender before 0.9.10 allow remote X servers to\ntrigger out-of-bounds write operations via vectors involving length fields\n(CVE-2016-7949).\n\nThe XRenderQueryFilters function in X.org libXrender before 0.9.10 allows\nremote X servers to trigger out-of-bounds write operations via vectors\ninvolving filter name lengths (CVE-2016-7950).\n\nMultiple integer overflows in X.org libXtst before 1.2.3 allow remote X\nservers to trigger out-of-bounds memory access operations by leveraging\nthe lack of range checks (CVE-2016-7951).\n\nX.org libXtst before 1.2.3 allows remote X servers to cause a denial of\nservice (infinite loop) via a reply in the XRecordStartOfData,\nXRecordEndOfData, or XRecordClientDied category without a client sequence\nand with attached data (CVE-2016-7952).\n\nBuffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to\nhave unspecified impact via an empty string (CVE-2016-7953).\n","modified":"2026-01-30T10:36:24.843930Z","published":"2018-01-01T15:50:28Z","related":["CVE-2016-5407","CVE-2016-7942","CVE-2016-7943","CVE-2016-7944","CVE-2016-7945","CVE-2016-7946","CVE-2016-7947","CVE-2016-7948","CVE-2016-7949","CVE-2016-7950","CVE-2016-7951","CVE-2016-7952","CVE-2016-7953"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0011.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19530"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/10/04/4"}],"affected":[{"package":{"name":"libx11","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libx11?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.5-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxv","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxv?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.11-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxrender","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxrender?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.10-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxtst","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxtst?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxi","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxi?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.7-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxrandr","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxrandr?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.2-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxfixes","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxfixes?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}},{"package":{"name":"libxvmc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxvmc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.10-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0011.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}