Moderate CentOS libdmx Security Update

Metadata

high
7.5
libX11-1.6.0-2.2.el6.i686.rpm, libX11-1.6.0-2.2.el6.src.rpm, libX11-1.6.0-2.2.el6.x86_64.rpm, libX11-common-1.6.0-2.2.el6.noarch.rpm, libX11-devel-1.6.0-2.2.el6.i686.rpm, libX11-devel-1.6.0-2.2.el6.x86_64.rpm, libXcursor-1.1.14-2.1.el6.i686.rpm, libXcursor-1.1.14-2.1.el6.src.rpm, libXcursor-1.1.14-2.1.el6.x86_64.rpm, libXcursor-devel-1.1.14-2.1.el6.i686.rpm, libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm, libXext-1.3.2-2.1.el6.i686.rpm, libXext-1.3.2-2.1.el6.src.rpm, libXext-1.3.2-2.1.el6.x86_64.rpm, libXext-devel-1.3.2-2.1.el6.i686.rpm, libXext-devel-1.3.2-2.1.el6.x86_64.rpm, libXfixes-5.0.1-2.1.el6.i686.rpm, libXfixes-5.0.1-2.1.el6.src.rpm, libXfixes-5.0.1-2.1.el6.x86_64.rpm, libXfixes-devel-5.0.1-2.1.el6.i686.rpm, libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm, libXi-1.7.2-2.2.el6.i686.rpm, libXi-1.7.2-2.2.el6.src.rpm, libXi-1.7.2-2.2.el6.x86_64.rpm, libXi-devel-1.7.2-2.2.el6.i686.rpm, libXi-devel-1.7.2-2.2.el6.x86_64.rpm, libXinerama-1.1.3-2.1.el6.i686.rpm, libXinerama-1.1.3-2.1.el6.src.rpm, libXinerama-1.1.3-2.1.el6.x86_64.rpm, libXinerama-devel-1.1.3-2.1.el6.i686.rpm, libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm, libXp-1.0.2-2.1.el6.i686.rpm, libXp-1.0.2-2.1.el6.src.rpm, libXp-1.0.2-2.1.el6.x86_64.rpm, libXp-devel-1.0.2-2.1.el6.i686.rpm, libXp-devel-1.0.2-2.1.el6.x86_64.rpm, libXrandr-1.4.1-2.1.el6.i686.rpm, libXrandr-1.4.1-2.1.el6.src.rpm, libXrandr-1.4.1-2.1.el6.x86_64.rpm, libXrandr-devel-1.4.1-2.1.el6.i686.rpm, libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm, libXrender-0.9.8-2.1.el6.i686.rpm, libXrender-0.9.8-2.1.el6.src.rpm, libXrender-0.9.8-2.1.el6.x86_64.rpm, libXrender-devel-0.9.8-2.1.el6.i686.rpm, libXrender-devel-0.9.8-2.1.el6.x86_64.rpm, libXres-1.0.7-2.1.el6.i686.rpm, libXres-1.0.7-2.1.el6.src.rpm, libXres-1.0.7-2.1.el6.x86_64.rpm, libXres-devel-1.0.7-2.1.el6.i686.rpm, libXres-devel-1.0.7-2.1.el6.x86_64.rpm, libXt-1.1.4-6.1.el6.i686.rpm, libXt-1.1.4-6.1.el6.src.rpm, libXt-1.1.4-6.1.el6.x86_64.rpm, libXt-devel-1.1.4-6.1.el6.i686.rpm, libXt-devel-1.1.4-6.1.el6.x86_64.rpm, libXtst-1.2.2-2.1.el6.i686.rpm, libXtst-1.2.2-2.1.el6.src.rpm, libXtst-1.2.2-2.1.el6.x86_64.rpm, libXtst-devel-1.2.2-2.1.el6.i686.rpm, libXtst-devel-1.2.2-2.1.el6.x86_64.rpm, libXv-1.0.9-2.1.el6.i686.rpm, libXv-1.0.9-2.1.el6.src.rpm, libXv-1.0.9-2.1.el6.x86_64.rpm, libXv-devel-1.0.9-2.1.el6.i686.rpm, libXv-devel-1.0.9-2.1.el6.x86_64.rpm, libXvMC-1.0.8-2.1.el6.i686.rpm, libXvMC-1.0.8-2.1.el6.src.rpm, libXvMC-1.0.8-2.1.el6.x86_64.rpm, libXvMC-devel-1.0.8-2.1.el6.i686.rpm, libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm, libXxf86dga-1.1.4-2.1.el6.i686.rpm, libXxf86dga-1.1.4-2.1.el6.src.rpm, libXxf86dga-1.1.4-2.1.el6.x86_64.rpm, libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm, libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm, libXxf86vm-1.1.3-2.1.el6.i686.rpm, libXxf86vm-1.1.3-2.1.el6.src.rpm, libXxf86vm-1.1.3-2.1.el6.x86_64.rpm, libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm, libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm, libdmx-1.1.3-3.el6.i686.rpm, libdmx-1.1.3-3.el6.src.rpm, libdmx-1.1.3-3.el6.x86_64.rpm, libdmx-devel-1.1.3-3.el6.i686.rpm, libdmx-devel-1.1.3-3.el6.x86_64.rpm, libxcb-1.9.1-2.el6.i686.rpm, libxcb-1.9.1-2.el6.src.rpm, libxcb-1.9.1-2.el6.x86_64.rpm, libxcb-devel-1.9.1-2.el6.i686.rpm, libxcb-devel-1.9.1-2.el6.x86_64.rpm, libxcb-doc-1.9.1-2.el6.noarch.rpm, libxcb-python-1.9.1-2.el6.i686.rpm, libxcb-python-1.9.1-2.el6.x86_64.rpm, xcb-proto-1.8-3.el6.noarch.rpm, xcb-proto-1.8-3.el6.src.rpm, xkeyboard-config-2.11-1.el6.noarch.rpm, xkeyboard-config-2.11-1.el6.src.rpm, xkeyboard-config-devel-2.11-1.el6.noarch.rpm, xorg-x11-proto-devel-7.7-9.el6.noarch.rpm, xorg-x11-proto-devel-7.7-9.el6.src.rpm, xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm, xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm
CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, CVE-2013-1995, CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, CVE-2013-2064, CVE-2013-2066, CVE-2013-7439
rhn.redhat.com, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org, lists.centos.org
2014-10-20
2017-07-27 19:07
ALAS-2014-406
ALAS-2014-452
ALAS-2014-403
ALAS-2014-405
CVE-2013-2063 libxtst
CVE-2013-7439 libx11
CVE-2013-1983 libxfixes
CVE-2013-1988 libxres
CVE-2013-1990 libxvmc
CVE-2013-2003 libxcursor
CVE-2013-2064 libxcb
CVE-2013-1992 libdmx
CVE-2013-1986 libxrandr
CVE-2013-2066 libxv
CVE-2013-1999 libxvmc
CVE-2013-1997 libx11
CVE-2013-2005 libxt
CVE-2013-1989 libxv
CVE-2013-2004 libx11
CVE-2013-1998 libxi
CVE-2013-2002 libxt
CVE-2013-1982 libxext
CVE-2013-1984 libxi
CVE-2013-2001 libxxf86vm
CVE-2013-1991 libxxf86dga
CVE-2013-1985 libxinerama
CVE-2013-2000 libxxf86dga
CVE-2013-1995 libxi
CVE-2013-2062 libxp
CVE-2013-1987 libxrender
CVE-2013-1981 libx11
CVE-2013-1995
CVE-2013-2005
CVE-2013-2062
CVE-2013-2000
CVE-2013-2002
CVE-2013-2003
CVE-2013-2063
CVE-2013-1988
CVE-2013-2064
CVE-2013-1999
CVE-2013-1987
CVE-2013-1983
CVE-2013-1982
CVE-2013-1986
CVE-2013-2004
CVE-2013-2066
CVE-2013-1991
CVE-2013-1992
CVE-2013-1997
CVE-2013-2001
CVE-2013-1998
CVE-2013-1981
CVE-2013-1990
CVE-2013-1985
CVE-2013-7439
CVE-2013-1989
CVE-2013-1984
2017-04-01 19:08
2017-01-05 20:12

Description


Updated X11 client libraries packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The X11 (Xorg) libraries provide library routines that are used within all
X Window applications.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way various X11 client libraries handled certain protocol
data. An attacker able to submit invalid protocol data to an X11 server via
a malicious X11 client could use either of these flaws to potentially
escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982,
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003,
CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds
write flaws, were found in the way various X11 client libraries handled
data returned from an X11 server. A malicious X11 server could possibly use
this flaw to execute arbitrary code with the privileges of the user running
an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000,
CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers.
A malicious X11 server could possibly use this flaw to execute arbitrary
code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this flaw
to execute arbitrary code with the privileges of the user running an X11
client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the
Core X11 protocol client library, processed certain user-specified files.
A malicious X11 server could possibly use this flaw to crash an X11 client
via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11,
which provides a number of bug fixes and enhancements over the previous
version. (BZ#1077471)

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11
package, although it was listed as a dependency of mesa-libGL. This bug has
been fixed and updating mesa-libGL now updates all dependent packages as
expected. (BZ#1054614)

* Previously, closing a customer application could occasionally cause the X
Server to terminate unexpectedly. After this update, the X Server no longer
hangs when a user closes a customer application. (BZ#971626)

All X11 client libraries users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
6 libdmx libdmx-1.1.3-3.el6.src.rpm
libdmx libdmx-1.1.3-3.el6.i686.rpm
libdmx libdmx-1.1.3-3.el6.x86_64.rpm
libdmx-devel libdmx-devel-1.1.3-3.el6.i686.rpm
libdmx-devel libdmx-devel-1.1.3-3.el6.x86_64.rpm
libX11 libX11-1.6.0-2.2.el6.x86_64.rpm
libX11 libX11-1.6.0-2.2.el6.src.rpm
libX11 libX11-1.6.0-2.2.el6.i686.rpm
libX11-common libX11-common-1.6.0-2.2.el6.noarch.rpm
libX11-devel libX11-devel-1.6.0-2.2.el6.x86_64.rpm
libX11-devel libX11-devel-1.6.0-2.2.el6.i686.rpm
libxcb libxcb-1.9.1-2.el6.i686.rpm
libxcb libxcb-1.9.1-2.el6.src.rpm
libxcb libxcb-1.9.1-2.el6.x86_64.rpm
libxcb-devel libxcb-devel-1.9.1-2.el6.x86_64.rpm
libxcb-devel libxcb-devel-1.9.1-2.el6.i686.rpm
libxcb-doc libxcb-doc-1.9.1-2.el6.noarch.rpm
libxcb-python libxcb-python-1.9.1-2.el6.i686.rpm
libxcb-python libxcb-python-1.9.1-2.el6.x86_64.rpm
libXcursor libXcursor-1.1.14-2.1.el6.i686.rpm
libXcursor libXcursor-1.1.14-2.1.el6.src.rpm
libXcursor libXcursor-1.1.14-2.1.el6.x86_64.rpm
libXcursor-devel libXcursor-devel-1.1.14-2.1.el6.x86_64.rpm
libXcursor-devel libXcursor-devel-1.1.14-2.1.el6.i686.rpm
libXext libXext-1.3.2-2.1.el6.i686.rpm
libXext libXext-1.3.2-2.1.el6.x86_64.rpm
libXext libXext-1.3.2-2.1.el6.src.rpm
libXext-devel libXext-devel-1.3.2-2.1.el6.i686.rpm
libXext-devel libXext-devel-1.3.2-2.1.el6.x86_64.rpm
libXfixes libXfixes-5.0.1-2.1.el6.i686.rpm
libXfixes libXfixes-5.0.1-2.1.el6.x86_64.rpm
libXfixes libXfixes-5.0.1-2.1.el6.src.rpm
libXfixes-devel libXfixes-devel-5.0.1-2.1.el6.i686.rpm
libXfixes-devel libXfixes-devel-5.0.1-2.1.el6.x86_64.rpm
libXi libXi-1.7.2-2.2.el6.i686.rpm
libXi libXi-1.7.2-2.2.el6.src.rpm
libXi libXi-1.7.2-2.2.el6.x86_64.rpm
libXi-devel libXi-devel-1.7.2-2.2.el6.i686.rpm
libXi-devel libXi-devel-1.7.2-2.2.el6.x86_64.rpm
libXinerama libXinerama-1.1.3-2.1.el6.x86_64.rpm
libXinerama libXinerama-1.1.3-2.1.el6.i686.rpm
libXinerama libXinerama-1.1.3-2.1.el6.src.rpm
libXinerama-devel libXinerama-devel-1.1.3-2.1.el6.x86_64.rpm
libXinerama-devel libXinerama-devel-1.1.3-2.1.el6.i686.rpm
libXp libXp-1.0.2-2.1.el6.src.rpm
libXp libXp-1.0.2-2.1.el6.x86_64.rpm
libXp libXp-1.0.2-2.1.el6.i686.rpm
libXp-devel libXp-devel-1.0.2-2.1.el6.x86_64.rpm
libXp-devel libXp-devel-1.0.2-2.1.el6.i686.rpm
libXrandr libXrandr-1.4.1-2.1.el6.x86_64.rpm
libXrandr libXrandr-1.4.1-2.1.el6.i686.rpm
libXrandr libXrandr-1.4.1-2.1.el6.src.rpm
libXrandr-devel libXrandr-devel-1.4.1-2.1.el6.i686.rpm
libXrandr-devel libXrandr-devel-1.4.1-2.1.el6.x86_64.rpm
libXrender libXrender-0.9.8-2.1.el6.i686.rpm
libXrender libXrender-0.9.8-2.1.el6.x86_64.rpm
libXrender libXrender-0.9.8-2.1.el6.src.rpm
libXrender-devel libXrender-devel-0.9.8-2.1.el6.i686.rpm
libXrender-devel libXrender-devel-0.9.8-2.1.el6.x86_64.rpm
libXres libXres-1.0.7-2.1.el6.src.rpm
libXres libXres-1.0.7-2.1.el6.i686.rpm
libXres libXres-1.0.7-2.1.el6.x86_64.rpm
libXres-devel libXres-devel-1.0.7-2.1.el6.i686.rpm
libXres-devel libXres-devel-1.0.7-2.1.el6.x86_64.rpm
libXt libXt-1.1.4-6.1.el6.i686.rpm
libXt libXt-1.1.4-6.1.el6.x86_64.rpm
libXt libXt-1.1.4-6.1.el6.src.rpm
libXt-devel libXt-devel-1.1.4-6.1.el6.i686.rpm
libXt-devel libXt-devel-1.1.4-6.1.el6.x86_64.rpm
libXtst libXtst-1.2.2-2.1.el6.src.rpm
libXtst libXtst-1.2.2-2.1.el6.x86_64.rpm
libXtst libXtst-1.2.2-2.1.el6.i686.rpm
libXtst-devel libXtst-devel-1.2.2-2.1.el6.i686.rpm
libXtst-devel libXtst-devel-1.2.2-2.1.el6.x86_64.rpm
libXv libXv-1.0.9-2.1.el6.x86_64.rpm
libXv libXv-1.0.9-2.1.el6.i686.rpm
libXv libXv-1.0.9-2.1.el6.src.rpm
libXv-devel libXv-devel-1.0.9-2.1.el6.i686.rpm
libXv-devel libXv-devel-1.0.9-2.1.el6.x86_64.rpm
libXvMC libXvMC-1.0.8-2.1.el6.src.rpm
libXvMC libXvMC-1.0.8-2.1.el6.i686.rpm
libXvMC libXvMC-1.0.8-2.1.el6.x86_64.rpm
libXvMC-devel libXvMC-devel-1.0.8-2.1.el6.i686.rpm
libXvMC-devel libXvMC-devel-1.0.8-2.1.el6.x86_64.rpm
libXxf86dga libXxf86dga-1.1.4-2.1.el6.src.rpm
libXxf86dga libXxf86dga-1.1.4-2.1.el6.i686.rpm
libXxf86dga libXxf86dga-1.1.4-2.1.el6.x86_64.rpm
libXxf86dga-devel libXxf86dga-devel-1.1.4-2.1.el6.i686.rpm
libXxf86dga-devel libXxf86dga-devel-1.1.4-2.1.el6.x86_64.rpm
libXxf86vm libXxf86vm-1.1.3-2.1.el6.x86_64.rpm
libXxf86vm libXxf86vm-1.1.3-2.1.el6.i686.rpm
libXxf86vm libXxf86vm-1.1.3-2.1.el6.src.rpm
libXxf86vm-devel libXxf86vm-devel-1.1.3-2.1.el6.i686.rpm
libXxf86vm-devel libXxf86vm-devel-1.1.3-2.1.el6.x86_64.rpm
xcb-proto xcb-proto-1.8-3.el6.noarch.rpm
xcb-proto xcb-proto-1.8-3.el6.src.rpm
xkeyboard-config xkeyboard-config-2.11-1.el6.noarch.rpm
xkeyboard-config xkeyboard-config-2.11-1.el6.src.rpm
xkeyboard-config-devel xkeyboard-config-devel-2.11-1.el6.noarch.rpm
xorg-x11-proto-devel xorg-x11-proto-devel-7.7-9.el6.noarch.rpm
xorg-x11-proto-devel xorg-x11-proto-devel-7.7-9.el6.src.rpm
xorg-x11-xtrans-devel xorg-x11-xtrans-devel-1.3.4-1.el6.noarch.rpm
xorg-x11-xtrans-devel xorg-x11-xtrans-devel-1.3.4-1.el6.src.rpm