{"id":"MGASA-2018-0377","summary":"Updated libx11 packages fix security vulnerabilities","details":"Updated libx11 packages fix security vulnerabilities:\n\nAn issue was discovered in XListExtensions in ListExt.c in libX11 through\n1.6.5. A malicious server can send a reply in which the first string\noverflows, causing a variable to be set to NULL that will be freed later\non, leading to DoS (segmentation fault) (CVE-2018-14598).\n\nAn issue was discovered in libX11 through 1.6.5. The function\nXListExtensions in ListExt.c is vulnerable to an off-by-one error caused\nby malicious server responses, leading to DoS or possibly unspecified\nother impact (CVE-2018-14599).\n\nAn issue was discovered in libX11 through 1.6.5. The function\nXListExtensions in ListExt.c interprets a variable as signed instead of\nunsigned, resulting in an out-of-bounds write (of up to 128 bytes),\nleading to DoS or remote code execution (CVE-2018-14600).\n","modified":"2026-02-02T11:01:59.874939Z","published":"2018-09-20T23:17:55Z","related":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0377.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23474"},{"type":"REPORT","url":"https://openwall.com/lists/oss-security/2018/08/21/6"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-08/msg00164.html"},{"type":"REPORT","url":"https://usn.ubuntu.com/3758-1/"}],"affected":[{"package":{"name":"libx11","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libx11?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.5-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0377.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}