You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa libx11 i libxrender

Sigurnosni nedostatak programskih paketa libx11 i libxrender

==========================================================================
Ubuntu Security Notice USN-2568-1
April 13, 2015

libx11, libxrender vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

libx11 could be made to crash or run programs if it processed specially
crafted data.

Software Description:
– libxrender: X11 Rendering Extension client library
– libx11: X11 client-side library

Details:

Abhishek Arya discovered that libX11 incorrectly handled memory in the
MakeBigReq macro. A remote attacker could use this issue to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

In addition, following the macro fix in libx11, a number of other packages
have also been rebuilt as security updates including libxrender, libxext,
libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and
xserver-xorg-video-vmware.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libxrender1 1:0.9.8-1build0.14.10.1

Ubuntu 14.04 LTS:
libxrender1 1:0.9.8-1build0.14.04.1

Ubuntu 12.04 LTS:
libx11-dev 2:1.4.99.1-0ubuntu2.3
libxrender1 1:0.9.6-2ubuntu0.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2568-1
CVE-2013-7439

Package Information:
https://launchpad.net/ubuntu/+source/libxrender/1:0.9.8-1build0.14.10.1
https://launchpad.net/ubuntu/+source/libxrender/1:0.9.8-1build0.14.04.1
https://launchpad.net/ubuntu/+source/libx11/2:1.4.99.1-0ubuntu2.3
https://launchpad.net/ubuntu/+source/libxrender/1:0.9.6-2ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVK/5gAAoJEGVp2FWnRL6TzF4P/iEOKsR7HE1dG1KLfX75GQ5s
hykRYNHHCoQYZbXaQ3q1Apjt1tQkfUUJ4tY810s8CdhB2EakmzjMno4qSD5C4X1n
+aZowJoDoeUGty055jzfGR30Cv2fZl8keTQaWAK7VSqTuDQ2MhjvMh3ODlI9QyLr
yGTCebN1f/37w4INNzqplDZLA81n/dVNIqqG0oR9zulPlcdqmQ0/+8LSJXlNR991
xBsrRb2BGZdmnjzQRoFTVS4MjisKj2X61LOSOuwdP2F9u4b27mcroeQjDl48m45F
VLHrmfKOvEPSsdgVbZM+nrcf7r3EoN6qIkrj5qTABG/XxBUNqu2kkLCYTSUj88cE
+szj3J5jyGIL4GVcQPaahrq0zsZJ/7joxRcsfqZf+aTsd9l6oxWH471rg4LecDsl
6n+FshF3lphEFtlhN7G2M2No5DRYiN/ETN0LP39eZzRa6z1+oAGOPgFuVCtF2LoQ
HKShC/rk2UnjFeVyCSpq+ZXcihxIf9ZpTsOF1ktzxXblAlw3B3uHUkDa6PP+hoIq
Kl1DHooS5MPSVWG1Nm+jEEn84nUIRlcTqsfjEgxChfukRD6bNhm2Sq+bLzKKHo0a
Sz2OaIcW6lKzGrB3gFwP0TZoS3/MHLrOYj1GuDvWcdfAV64ZasQ6crT7zDihJmup
43EbYHHcuGqBd5+LpNoo
=dHhs
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivosti programskog paketa ImageMagick

Otkriveno je nekoliko ranjivosti kod programskog paketa ImageMagick za Fedoru. Dvije ranjivosti posljedica su čitanja podataka izvan granica dodijeljene memorije,...

Close