[SECURITY] [DLA 660-1] libxrandr security update

2016-10-1719:27:40

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Package : libxrandr
Version : 2:1.3.2-2+deb7u2
CVE ID : CVE-2016-7947 CVE-2016-7948
Debian Bug : 840441

Insufficient validation of data from the X server in libxrandr
before v1.5.0 can cause out of boundary memory writes and integer
overflows.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.3.2-2+deb7u2.

We recommend that you upgrade your libxrandr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7amd64libxrandr2-dbg< 2:1.3.2-2+deb7u2libxrandr2-dbg_2:1.3.2-2+deb7u2_amd64.deb
Debian8s390xlibxrandr2-dbg< 2:1.4.2-1+deb8u1libxrandr2-dbg_2:1.4.2-1+deb8u1_s390x.deb
Debian8armhflibxrandr2-dbg< 2:1.4.2-1+deb8u1libxrandr2-dbg_2:1.4.2-1+deb8u1_armhf.deb
Debian8arm64libxrandr2-dbg< 2:1.4.2-1+deb8u1libxrandr2-dbg_2:1.4.2-1+deb8u1_arm64.deb
Debian7alllibxrandr< 2:1.3.2-2+deb7u2libxrandr_2:1.3.2-2+deb7u2_all.deb
Debian8ppc64ellibxrandr2-dbg< 2:1.4.2-1+deb8u1libxrandr2-dbg_2:1.4.2-1+deb8u1_ppc64el.deb
Debian8powerpclibxrandr-dev< 2:1.4.2-1+deb8u1libxrandr-dev_2:1.4.2-1+deb8u1_powerpc.deb
Debian7i386libxrandr-dev< 2:1.3.2-2+deb7u2libxrandr-dev_2:1.3.2-2+deb7u2_i386.deb
Debian8armellibxrandr2< 2:1.4.2-1+deb8u1libxrandr2_2:1.4.2-1+deb8u1_armel.deb
Debian8i386libxrandr-dev< 2:1.4.2-1+deb8u1libxrandr-dev_2:1.4.2-1+deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	libxrandr2-dbg	< 2:1.3.2-2+deb7u2	libxrandr2-dbg_2:1.3.2-2+deb7u2_amd64.deb
Debian	8	s390x	libxrandr2-dbg	< 2:1.4.2-1+deb8u1	libxrandr2-dbg_2:1.4.2-1+deb8u1_s390x.deb
Debian	8	armhf	libxrandr2-dbg	< 2:1.4.2-1+deb8u1	libxrandr2-dbg_2:1.4.2-1+deb8u1_armhf.deb
Debian	8	arm64	libxrandr2-dbg	< 2:1.4.2-1+deb8u1	libxrandr2-dbg_2:1.4.2-1+deb8u1_arm64.deb
Debian	7	all	libxrandr	< 2:1.3.2-2+deb7u2	libxrandr_2:1.3.2-2+deb7u2_all.deb
Debian	8	ppc64el	libxrandr2-dbg	< 2:1.4.2-1+deb8u1	libxrandr2-dbg_2:1.4.2-1+deb8u1_ppc64el.deb
Debian	8	powerpc	libxrandr-dev	< 2:1.4.2-1+deb8u1	libxrandr-dev_2:1.4.2-1+deb8u1_powerpc.deb
Debian	7	i386	libxrandr-dev	< 2:1.3.2-2+deb7u2	libxrandr-dev_2:1.3.2-2+deb7u2_i386.deb
Debian	8	armel	libxrandr2	< 2:1.4.2-1+deb8u1	libxrandr2_2:1.4.2-1+deb8u1_armel.deb
Debian	8	i386	libxrandr-dev	< 2:1.4.2-1+deb8u1	libxrandr-dev_2:1.4.2-1+deb8u1_i386.deb