Bugzilla – Bug 1102073
VUL-0: CVE-2018-14598: libX11,xorg-x11-libX11, xorg-x11: crash on invalid reply in XListExtensions
Last modified: 2023-04-10 15:43:10 UTC
this got CVE-2018-14598 assigned
Created attachment 779682 [details] u_crash-on-invalid-reply-in-XListExtensions.patch Apply after u_out-of-boundary-write-in-XListExtensions.patch (bsc#1102068).
SLE considered done. For openSUSE I need a CRD.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-08-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64104
Fixes submitted for openSUSE Leap 42.3/15.0 and Factory/Tumbleweed. Reassigning back to security team ...
This is an autogenerated message for OBS integration: This bug (1102073) was mentioned in https://build.opensuse.org/request/show/630767 Factory / libX11 https://build.opensuse.org/request/show/630773 15.0+42.3 / libX11
is public https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2
openSUSE-SU-2018:2567-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1102062,1102068,1102073 CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Sources used: openSUSE Leap 42.3 (src): libX11-1.6.3-10.3.1
SUSE-SU-2018:2934-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1102062,1102068,1102073 CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xorg-x11-libX11-7.4-5.11.72.9.1 SUSE Linux Enterprise Server 11-SP4 (src): xorg-x11-libX11-7.4-5.11.72.9.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): xorg-x11-libX11-7.4-5.11.72.9.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): xorg-x11-libX11-7.4-5.11.72.9.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): xorg-x11-libX11-7.4-5.11.72.9.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): xorg-x11-libX11-7.4-5.11.72.9.1
SUSE-SU-2018:2955-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1102062,1102068,1102073 CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): libX11-1.6.5-3.3.1
openSUSE-SU-2018:3012-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1102062,1102068,1102073 CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Sources used: openSUSE Leap 15.0 (src): libX11-1.6.5-lp150.2.3.1
SUSE-SU-2018:3102-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1094327,1102062,1102068,1102073 CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1 SUSE Linux Enterprise Server 12-SP3 (src): libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1 SUSE Linux Enterprise Desktop 12-SP3 (src): libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
Done