An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
Weakness
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libx11 | X.org | * | 1.6.5 (including) |
| Red Hat Enterprise Linux 7 | RedHat | gdm-1:3.28.2-16.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libX11-0:1.6.7-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxkbcommon-0:0.7.1-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | mesa-libGLw-0:8.0.0-5.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-drv-ati-0:19.0.1-2.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-drv-vesa-0:2.4.0-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-drv-wacom-0:0.36.1-3.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-server-0:1.20.4-7.el7 | * |
| Libx11 | Ubuntu | bionic | * |
| Libx11 | Ubuntu | devel | * |
| Libx11 | Ubuntu | esm-infra-legacy/trusty | * |
| Libx11 | Ubuntu | esm-infra/bionic | * |
| Libx11 | Ubuntu | esm-infra/xenial | * |
| Libx11 | Ubuntu | trusty | * |
| Libx11 | Ubuntu | trusty/esm | * |
| Libx11 | Ubuntu | upstream | * |
| Libx11 | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.openwall.com/lists/oss-security/2018/08/21/6
- http://www.securityfocus.com/bid/105177
- http://www.securitytracker.com/id/1041543
- https://access.redhat.com/errata/RHSA-2019:2079
- https://bugzilla.suse.com/show_bug.cgi?id=1102062
- https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
- https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
- https://lists.x.org/archives/xorg-announce/2018-August/002916.html
- https://security.gentoo.org/glsa/201811-01
- https://usn.ubuntu.com/3758-1/
- https://usn.ubuntu.com/3758-2/
- http://www.openwall.com/lists/oss-security/2018/08/21/6
- http://www.securityfocus.com/bid/105177
- http://www.securitytracker.com/id/1041543
- https://access.redhat.com/errata/RHSA-2019:2079
- https://bugzilla.suse.com/show_bug.cgi?id=1102062
- https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
- https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
- https://lists.x.org/archives/xorg-announce/2018-August/002916.html
- https://security.gentoo.org/glsa/201811-01
- https://usn.ubuntu.com/3758-1/
- https://usn.ubuntu.com/3758-2/