Bug 821584 - (CVE-2013-2064) VUL-0: xorg-x11-libxcb: CVE-2013-2064: Integer overflow leading to heap-based buffer overlow
(CVE-2013-2064)
VUL-0: xorg-x11-libxcb: CVE-2013-2064: Integer overflow leading to heap-based...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
HP-BNB maint:released:sle11-sp2:52628...
:
Depends on:
Blocks: 815451
  Show dependency treegraph
 
Reported: 2013-05-24 09:27 UTC by Alexander Bergmann
Modified: 2014-07-17 17:08 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
libxcb commit 1b33867f (fix for CVE-2013-2064) (1.64 KB, patch)
2013-05-24 10:00 UTC, Alexander Bergmann
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-05-24 09:27:16 UTC
Via oss-security:

http://www.openwall.com/lists/oss-security/2013/05/23/3

Redhat Bugzilla Entry:
https://bugzilla.redhat.com/show_bug.cgi?id=960367
-----
An integer overflow leading to a heap-based buffer overflow was found in the read_packet() function of the libxcb library, the X protocol C-language Binding (XCB) library. When a X client is connected to a malicious X server, (modified to return invalid values), it can cause arbirary code execution with the privileges of the user running the X client.
-----
Comment 1 Alexander Bergmann 2013-05-24 09:41:25 UTC
Assigned CVE-2013-2064.
Comment 2 Stefan Dirsch 2013-05-24 09:42:06 UTC
Seems this is part of bnc#815451.

http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
[...]
CVE-2013-2064: libxcb 1.9 and earlier

    Affected functions: read_packet() 
[...]

Close as duplicate?
Comment 3 Alexander Bergmann 2013-05-24 10:00:01 UTC
Created attachment 541119 [details]
libxcb commit 1b33867f (fix for CVE-2013-2064)

It would be good to get this combined with bug#818829 and the running SWAMP 52598.

Could you please resubmit?
Comment 4 Alexander Bergmann 2013-05-24 10:02:03 UTC
This CVE was not mentioned in bnc#815451. It just came in yesterday.
Comment 5 Stefan Dirsch 2013-05-24 12:15:48 UTC
(In reply to comment #3)
> Created an attachment (id=541119) [details]
> libxcb commit 1b33867f (fix for CVE-2013-2064)
> 
> It would be good to get this combined with bug#818829 and the running SWAMP
> 52598.
> 
> Could you please resubmit?

SLE-11-SP1: SR#26580
SLE-11-SP3: SR#26581
Comment 7 Leonardo Chiquitto 2013-05-24 16:46:24 UTC
Package on the way to QA, reassigning to Security Team.
Comment 8 Stefan Dirsch 2013-05-25 09:16:28 UTC
(In reply to comment #7)
> Package on the way to QA, reassigning to Security Team.

Other distribution than SLE11 are not covered yet. Reassigning to myself.
Comment 9 Stefan Dirsch 2013-05-28 12:58:58 UTC
- libxcb is not used yet in SLE9/SLE10
- openSUSE 12.2/12.3: SR#176864
Comment 10 Bernhard Wiedemann 2013-05-28 13:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (821584) was mentioned in
https://build.opensuse.org/request/show/176864 Maintenance /
Comment 11 Stefan Dirsch 2013-05-28 13:00:28 UTC
Reassigning to security team.
Comment 12 Stefan Dirsch 2013-06-03 06:56:23 UTC
SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921
Comment 14 Swamp Workflow Management 2013-06-14 09:05:08 UTC
openSUSE-SU-2013:1007-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 815451,821584
CVE References: CVE-2013-2064
Sources used:
openSUSE 12.3 (src):    libxcb-1.9-2.4.1
openSUSE 12.2 (src):    libxcb-1.8.1-2.8.1
Comment 15 Robert Lemaire 2013-06-27 11:51:17 UTC
(In reply to comment #12)
> SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921

Stefan,

When can we expect this fix in HP preload?

Thanks
Comment 16 Swamp Workflow Management 2013-06-28 04:31:04 UTC
Update released for: xorg-x11-libxcb, xorg-x11-libxcb-32bit, xorg-x11-libxcb-debuginfo, xorg-x11-libxcb-debuginfo-32bit, xorg-x11-libxcb-debuginfo-64bit, xorg-x11-libxcb-debuginfo-x86, xorg-x11-libxcb-debugsource, xorg-x11-libxcb-devel, xorg-x11-libxcb-devel-32bit, xorg-x11-libxcb-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 17 Stefan Dirsch 2013-06-28 04:36:05 UTC
(In reply to comment #15)
> (In reply to comment #12)
> > SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921
> 
> Stefan,
> 
> When can we expect this fix in HP preload?

I don't know, when it will be available in hw-refresh channel.
Comment 18 Sebastian Krahmer 2013-07-01 11:08:54 UTC
done
Comment 19 Swamp Workflow Management 2013-07-01 14:05:16 UTC
Update released for: xorg-x11-libxcb, xorg-x11-libxcb-32bit, xorg-x11-libxcb-debuginfo, xorg-x11-libxcb-debugsource, xorg-x11-libxcb-devel, xorg-x11-libxcb-devel-32bit
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 20 Stefan Dirsch 2013-07-12 12:08:47 UTC
This one can be closed since libxcb is not used yet in SLE9/SLE10. See my comment #9.
Comment 21 Swamp Workflow Management 2014-07-17 17:08:19 UTC
SUSE-SU-2014:0916-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 818829,821584
CVE References: CVE-2013-2064
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    xorg-x11-libxcb-7.4-1.22.5.15