First Last Prev Next    This bug is not in your last search results.
Bug 821584 - (CVE-2013-2064) VUL-0: xorg-x11-libxcb: CVE-2013-2064: Integer overflow leading to heap-based buffer overlow
(CVE-2013-2064)
VUL-0: xorg-x11-libxcb: CVE-2013-2064: Integer overflow leading to heap-based...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
HP-BNB maint:released:sle11-sp2:52628...
:
Depends on:
Blocks: 815451
  Show dependency treegraph
 
Reported: 2013-05-24 09:27 UTC by Alexander Bergmann
Modified: 2014-07-17 17:08 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
libxcb commit 1b33867f (fix for CVE-2013-2064) (1.64 KB, patch)
2013-05-24 10:00 UTC, Alexander Bergmann 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-05-24 09:27:16 UTC 
Via oss-security:

http://www.openwall.com/lists/oss-security/2013/05/23/3

Redhat Bugzilla Entry:
https://bugzilla.redhat.com/show_bug.cgi?id=960367
-----
An integer overflow leading to a heap-based buffer overflow was found in the read_packet() function of the libxcb library, the X protocol C-language Binding (XCB) library. When a X client is connected to a malicious X server, (modified to return invalid values), it can cause arbirary code execution with the privileges of the user running the X client.
-----
Comment 1 Alexander Bergmann 2013-05-24 09:41:25 UTC 
Assigned CVE-2013-2064.
Comment 2 Stefan Dirsch 2013-05-24 09:42:06 UTC 
Seems this is part of bnc#815451.

http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
[...]
CVE-2013-2064: libxcb 1.9 and earlier

    Affected functions: read_packet() 
[...]

Close as duplicate?
Comment 3 Alexander Bergmann 2013-05-24 10:00:01 UTC 
Created attachment 541119 [details]
libxcb commit 1b33867f (fix for CVE-2013-2064)

It would be good to get this combined with bug#818829 and the running SWAMP 52598.

Could you please resubmit?
Comment 4 Alexander Bergmann 2013-05-24 10:02:03 UTC 
This CVE was not mentioned in bnc#815451. It just came in yesterday.
Comment 5 Stefan Dirsch 2013-05-24 12:15:48 UTC 
(In reply to comment #3)
> Created an attachment (id=541119) [details]
> libxcb commit 1b33867f (fix for CVE-2013-2064)
> 
> It would be good to get this combined with bug#818829 and the running SWAMP
> 52598.
> 
> Could you please resubmit?

SLE-11-SP1: SR#26580
SLE-11-SP3: SR#26581
Comment 7 Leonardo Chiquitto 2013-05-24 16:46:24 UTC 
Package on the way to QA, reassigning to Security Team.
Comment 8 Stefan Dirsch 2013-05-25 09:16:28 UTC 
(In reply to comment #7)
> Package on the way to QA, reassigning to Security Team.

Other distribution than SLE11 are not covered yet. Reassigning to myself.
Comment 9 Stefan Dirsch 2013-05-28 12:58:58 UTC 
- libxcb is not used yet in SLE9/SLE10
- openSUSE 12.2/12.3: SR#176864
Comment 10 Bernhard Wiedemann 2013-05-28 13:00:21 UTC 
This is an autogenerated message for OBS integration:
This bug (821584) was mentioned in
https://build.opensuse.org/request/show/176864 Maintenance /
Comment 11 Stefan Dirsch 2013-05-28 13:00:28 UTC 
Reassigning to security team.
Comment 12 Stefan Dirsch 2013-06-03 06:56:23 UTC 
SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921
Comment 14 Swamp Workflow Management 2013-06-14 09:05:08 UTC 
openSUSE-SU-2013:1007-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 815451,821584
CVE References: CVE-2013-2064
Sources used:
openSUSE 12.3 (src):    libxcb-1.9-2.4.1
openSUSE 12.2 (src):    libxcb-1.8.1-2.8.1
Comment 15 Robert Lemaire 2013-06-27 11:51:17 UTC 
(In reply to comment #12)
> SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921

Stefan,

When can we expect this fix in HP preload?

Thanks
Comment 16 Swamp Workflow Management 2013-06-28 04:31:04 UTC 
Update released for: xorg-x11-libxcb, xorg-x11-libxcb-32bit, xorg-x11-libxcb-debuginfo, xorg-x11-libxcb-debuginfo-32bit, xorg-x11-libxcb-debuginfo-64bit, xorg-x11-libxcb-debuginfo-x86, xorg-x11-libxcb-debugsource, xorg-x11-libxcb-devel, xorg-x11-libxcb-devel-32bit, xorg-x11-libxcb-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 17 Stefan Dirsch 2013-06-28 04:36:05 UTC 
(In reply to comment #15)
> (In reply to comment #12)
> > SUSE:SLE-11-SP2:Update:HW-Refresh:2013-A:Test: SR#26921
> 
> Stefan,
> 
> When can we expect this fix in HP preload?

I don't know, when it will be available in hw-refresh channel.
Comment 18 Sebastian Krahmer 2013-07-01 11:08:54 UTC 
done
Comment 19 Swamp Workflow Management 2013-07-01 14:05:16 UTC 
Update released for: xorg-x11-libxcb, xorg-x11-libxcb-32bit, xorg-x11-libxcb-debuginfo, xorg-x11-libxcb-debugsource, xorg-x11-libxcb-devel, xorg-x11-libxcb-devel-32bit
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 20 Stefan Dirsch 2013-07-12 12:08:47 UTC 
This one can be closed since libxcb is not used yet in SLE9/SLE10. See my comment #9.
Comment 21 Swamp Workflow Management 2014-07-17 17:08:19 UTC 
SUSE-SU-2014:0916-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 818829,821584
CVE References: CVE-2013-2064
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    xorg-x11-libxcb-7.4-1.22.5.15
First Last Prev Next    This bug is not in your last search results.