Bug 1102073 (CVE-2018-14598) - VUL-0: CVE-2018-14598: libX11,xorg-x11-libX11, xorg-x11: crash on invalid reply in XListExtensions
Summary: VUL-0: CVE-2018-14598: libX11,xorg-x11-libX11, xorg-x11: crash on invalid rep...
Status: RESOLVED FIXED
Alias: CVE-2018-14598
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2018-08-29
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/211217/
Whiteboard: CVSSv3:SUSE:CVE-2018-14598:6.5:(AV:N/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-20 13:52 UTC by Johannes Segitz
Modified: 2023-04-10 15:43 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
u_crash-on-invalid-reply-in-XListExtensions.patch (1.23 KB, patch)
2018-08-14 10:43 UTC, Stefan Dirsch
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Johannes Segitz 2018-07-27 07:32:00 UTC
this got CVE-2018-14598 assigned
Comment 3 Stefan Dirsch 2018-08-14 10:43:19 UTC
Created attachment 779682 [details]
u_crash-on-invalid-reply-in-XListExtensions.patch

Apply after u_out-of-boundary-write-in-XListExtensions.patch (bsc#1102068).
Comment 4 Stefan Dirsch 2018-08-14 10:56:25 UTC
SLE considered done. For openSUSE I need a CRD.
Comment 6 Swamp Workflow Management 2018-08-15 08:03:10 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64104
Comment 12 Stefan Dirsch 2018-08-21 12:19:37 UTC
Fixes submitted for openSUSE Leap 42.3/15.0 and Factory/Tumbleweed. Reassigning back to security team ...
Comment 13 Swamp Workflow Management 2018-08-21 12:50:13 UTC
This is an autogenerated message for OBS integration:
This bug (1102073) was mentioned in
https://build.opensuse.org/request/show/630767 Factory / libX11
https://build.opensuse.org/request/show/630773 15.0+42.3 / libX11
Comment 15 Swamp Workflow Management 2018-08-31 10:08:28 UTC
openSUSE-SU-2018:2567-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
openSUSE Leap 42.3 (src):    libX11-1.6.3-10.3.1
Comment 16 Swamp Workflow Management 2018-09-28 13:09:46 UTC
SUSE-SU-2018:2934-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xorg-x11-libX11-7.4-5.11.72.9.1
Comment 17 Swamp Workflow Management 2018-09-30 16:08:41 UTC
SUSE-SU-2018:2955-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    libX11-1.6.5-3.3.1
Comment 18 Swamp Workflow Management 2018-10-05 10:08:36 UTC
openSUSE-SU-2018:3012-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
openSUSE Leap 15.0 (src):    libX11-1.6.5-lp150.2.3.1
Comment 19 Swamp Workflow Management 2018-10-11 22:08:53 UTC
SUSE-SU-2018:3102-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1094327,1102062,1102068,1102073
CVE References: CVE-2018-14598,CVE-2018-14599,CVE-2018-14600
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libX11-1.6.2-12.5.1, libxcb-1.10-4.3.1
Comment 20 Alexandros Toptsoglou 2020-04-28 14:35:03 UTC
Done