libX11.so is vulnerable to an out-of-bounds write. The server response consisting of a length byte followed by the actual string is not NULL-terminated, which could lead to an off-by-one override in the functions XGetFontPath
, XListExtensions
and XListFonts
, and result in an out-of-bounds write.
www.openwall.com/lists/oss-security/2018/08/21/6
www.securityfocus.com/bid/105177
www.securitytracker.com/id/1041543
access.redhat.com/errata/RHSA-2019:2079
bugzilla.suse.com/show_bug.cgi?id=1102062
cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
github.com/mirror/libX11/commit/b469da1430cdcee06e31c6251b83aede072a1ff0
lists.debian.org/debian-lts-announce/2018/08/msg00030.html
lists.fedoraproject.org/archives/list/[email protected]/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
lists.x.org/archives/xorg-announce/2018-August/002916.html
security.gentoo.org/glsa/201811-01
usn.ubuntu.com/3758-1/
usn.ubuntu.com/3758-2/