First Last Prev Next    This bug is not in your last search results.
Bug 1102062 - (CVE-2018-14599) VUL-0: CVE-2018-14599: libX11,xorg-x11-libX11, xorg-x11: off-by-one write in XListExtensions
(CVE-2018-14599)
VUL-0: CVE-2018-14599: libX11,xorg-x11-libX11, xorg-x11: off-by-one write in ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2018-14599:6.5:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-20 13:32 UTC by Johannes Segitz
Modified: 2020-04-24 15:24 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
u_off-by-one-write-in-XListExtensions.patch (2.19 KB, patch)
2018-07-23 12:36 UTC, Stefan Dirsch 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Stefan Dirsch 2018-07-23 12:36:57 UTC 
Created attachment 777745 [details]
u_off-by-one-write-in-XListExtensions.patch
Comment 3 Stefan Dirsch 2018-07-23 12:38:21 UTC 
(In reply to Stefan Dirsch from comment #2)
> Created attachment 777745 [details]
> u_off-by-one-write-in-XListExtensions.patch

Apply before u_out-of-boundary-write-in-XListExtensions.patch of bsc#1102068
Comment 4 Stefan Dirsch 2018-07-23 12:41:38 UTC 
This still needs a CVE number I can add to the patch itself and the RPM changelog entry. Setting to NEEDINFO therefore.
Comment 5 Johannes Segitz 2018-07-26 08:36:29 UTC 
(In reply to Stefan Dirsch from comment #4)
I requested CVEs and will add them as soon as I get them
Comment 6 Johannes Segitz 2018-07-27 07:35:01 UTC 
this was assigned CVE-2018-14599
Comment 7 Stefan Dirsch 2018-08-14 10:56:05 UTC 
SLE considered done. For openSUSE I need a CRD.
Comment 9 Swamp Workflow Management 2018-08-15 08:03:37 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64104
Comment 15 Stefan Dirsch 2018-08-21 12:20:29 UTC 
Fixes submitted for openSUSE Leap 42.3/15.0 and Factory/Tumbleweed. Reassigning back to security team ...
Comment 16 Swamp Workflow Management 2018-08-21 12:50:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1102062) was mentioned in
https://build.opensuse.org/request/show/630767 Factory / libX11
https://build.opensuse.org/request/show/630773 15.0+42.3 / libX11
Comment 18 Swamp Workflow Management 2018-08-31 10:08:09 UTC 
openSUSE-SU-2018:2567-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
openSUSE Leap 42.3 (src):    libX11-1.6.3-10.3.1
Comment 19 Swamp Workflow Management 2018-09-28 13:09:30 UTC 
SUSE-SU-2018:2934-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
Comment 20 Swamp Workflow Management 2018-09-30 16:08:17 UTC 
SUSE-SU-2018:2955-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    libX11-1.6.5-3.3.1
Comment 21 Swamp Workflow Management 2018-10-05 10:08:15 UTC 
openSUSE-SU-2018:3012-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
openSUSE Leap 15.0 (src):    libX11-1.6.5-lp150.2.3.1
Comment 22 Swamp Workflow Management 2018-10-11 22:08:34 UTC 
SUSE-SU-2018:3102-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1094327,1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
Comment 23 Alexandros Toptsoglou 2020-04-24 15:24:19 UTC 
Done
First Last Prev Next    This bug is not in your last search results.