Test ID: 1.3.6.1.4.1.25623.1.1.13.2016.305.02
Category: Slackware Local Security Checks
Title: Slackware: Security Advisory (SSA:2016-305-02)
Summary: The remote host is missing an update for the 'x11' package(s) announced via the SSA:2016-305-02 advisory.
Description:

Vulnerability Insight:
New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory read in XGetImage() or write in XListFonts().
Affected versions libX11 <= 1.6.3.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/libXfixes-5.0.3-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause an integer
overflow on 32 bit architectures.
Affected versions : libXfixes <= 5.0.2.
For more information, see:
[link moved to references]
(* Security fix *)
patches/packages/libXi-1.7.8-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected versions libXi <= 1.7.6.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/libXrandr-1.5.1-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected versions: libXrandr <= 1.5.0.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/libXrender-0.9.10-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory writes.
Affected version: libXrender <= 0.9.9.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/libXtst-1.2.3-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory access or endless loops (Denial of Service).
Affected version libXtst <= 1.2.2.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/libXv-1.0.11-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause out of boundary
memory and memory corruption.
Affected version libXv <= 1.0.10.
For more information, see:
[link moved to references]
(* Security fix *)
patches/packages/libXvMC-1.0.10-i586-1_slack14.2.txz: Upgraded.
Insufficient validation of data from the X server can cause a one byte ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'x11' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5407
BugTraq ID: 93368
http://www.securityfocus.com/bid/93368
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE2VJOFA3EZA566RERQB54TFY56FROZR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IA7BLB4C3JOYVU6UASGUJQJKUF6TO7E/
https://security.gentoo.org/glsa/201704-03
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.openwall.com/lists/oss-security/2016/10/04/2
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
http://www.securitytracker.com/id/1036945
Common Vulnerability Exposure (CVE) ID: CVE-2016-7942
BugTraq ID: 93363
http://www.securityfocus.com/bid/93363
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/
https://usn.ubuntu.com/3758-1/
https://usn.ubuntu.com/3758-2/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7943
BugTraq ID: 93362
http://www.securityfocus.com/bid/93362
Common Vulnerability Exposure (CVE) ID: CVE-2016-7944
BugTraq ID: 93361
http://www.securityfocus.com/bid/93361
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7945
BugTraq ID: 93364
http://www.securityfocus.com/bid/93364
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7946
BugTraq ID: 93374
http://www.securityfocus.com/bid/93374
Common Vulnerability Exposure (CVE) ID: CVE-2016-7947
BugTraq ID: 93365
http://www.securityfocus.com/bid/93365
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7662OZWCSTLRPKS6R3E4Y4M26BSVAAM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74FFOHWYIKQZTJLRJWDMJ4W3WYBELUUG/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7948
BugTraq ID: 93373
http://www.securityfocus.com/bid/93373
Common Vulnerability Exposure (CVE) ID: CVE-2016-7949
BugTraq ID: 93366
http://www.securityfocus.com/bid/93366
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHUT5YOSWVMBJNWZGUQNZRBFIZKRM4A6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7950
BugTraq ID: 93369
http://www.securityfocus.com/bid/93369
Common Vulnerability Exposure (CVE) ID: CVE-2016-7951
BugTraq ID: 93370
http://www.securityfocus.com/bid/93370
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFLHX7WNEUXXDAGR324T35L5P6RRR7GE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVEUZRHYY3AJEKMFQ4DS7DX3Y2AICFP7/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7952
BugTraq ID: 93375
http://www.securityfocus.com/bid/93375
Common Vulnerability Exposure (CVE) ID: CVE-2016-7953
BugTraq ID: 93371
http://www.securityfocus.com/bid/93371
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4SI52ZOHOK6524DI2TOW4DX6HPKNFNB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLZ3CBE3LKTSHIQYM6RKZYJ5PJ5IGTYG/
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.