Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2017-291-01
HistoryOct 18, 2017 - 7:35 p.m.

[slackware-security] libXres

2017-10-1819:35:43
Slackware Linux Project
www.slackware.com
8

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient
memory and a buffer overflow via vectors related to the (1)
XResQueryClients and (2) XResQueryClientResources functions.
For more information, see:
https://vulners.com/cve/CVE-2013-1988
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libXres-1.2.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libXres-1.2.0-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libXres-1.2.0-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libXres-1.2.0-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libXres-1.2.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libXres-1.2.0-x86_64-1.txz

MD5 signatures:

Slackware 14.1 package:
1253ba59f7e08295d24a434a75faf448 libXres-1.2.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
f42004623a5f42c6280bf540decadb81 libXres-1.2.0-x86_64-1_slack14.1.txz

Slackware 14.2 package:
4256978c619753254402fc77ca2fc1fc libXres-1.2.0-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
2e1e0fea3a504c181e58cb5bfc0cf22a libXres-1.2.0-x86_64-1_slack14.2.txz

Slackware -current package:
9cfb1ab01a0178323c37a518621ff02b x/libXres-1.2.0-i586-1.txz

Slackware x86_64 -current package:
8bcf91141af69be10620e6e4f529b0c5 x/libXres-1.2.0-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg libXres-1.2.0-i586-1_slack14.2.txz

Related

securityvulns 2
nessus 16
fedora 2
cve 1
openvas 15
ubuntucve 1
debian 1
prion 1
ubuntu 1
veracode 26
debiancve 1
amazon 1
redhat 1
centos 1
mageia 1
freebsd 1
gentoo 1
securityvulns
securityvulns
[SECURITY] [DSA 2688-1] libxres security update
2013-05-27 00:00:00
X servers and libraries security vulnerabilities
2013-06-17 00:00:00
nessus
nessus
openSUSE Security Update : libXres (openSUSE-SU-2013:1027-1)
2014-06-13 00:00:00
Fedora 18 : libXres-1.0.6-5.20130524gitf46818496.fc18 (2013-9141)
2013-06-03 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 : libxres vulnerability (USN-1864-1)
2013-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: libXres-1.0.6-5.20130524gitf46818496.fc19
2013-05-28 02:19:23
[SECURITY] Fedora 18 Update: libXres-1.0.6-5.20130524gitf46818496.fc18
2013-06-03 03:03:42
cve
cve
CVE-2013-1988
2013-06-15 19:55:00
openvas
openvas
Debian Security Advisory DSA 2688-1 (libxres - several vulnerabilities)
2013-05-23 00:00:00
Slackware: Security Advisory (SSA:2017-291-01)
2022-04-21 00:00:00
Debian: Security Advisory (DSA-2688-1)
2013-05-22 00:00:00
ubuntucve
ubuntucve
CVE-2013-1988
2013-05-23 00:00:00
debian
debian
[SECURITY] [DSA 2688-1] libxres security update
2013-05-23 16:24:05
prion
prion
Integer overflow
2013-06-15 19:55:00
ubuntu
ubuntu
libxres vulnerability
2013-06-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-12-05 03:26:51
Denial Of Service (DoS)
2019-05-02 05:12:47
Buffer Overflow
2019-05-02 05:12:44
debiancve
debiancve
CVE-2013-1988
2013-06-15 19:55:00
amazon
amazon
Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel
2014-11-22 14:00:00
redhat
redhat
(RHSA-2014:1436) Moderate: X11 client libraries security, bug fix, and enhancement update
2014-10-14 00:00:00
centos
centos
libX11, libXcursor, libXext, libXfixes, libXi, libXinerama, libXp, libXrandr, libXrender, libXres, libXt, libXtst, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, libxcb, xcb, xkeyboard, xorg security update
2014-10-20 18:09:28
mageia
mageia
Updated X.org packages fix multiple security vulnerabilities
2013-06-26 22:17:24
freebsd
freebsd
xorg -- protocol handling issues in X Window System client libraries
2013-05-23 00:00:00
gentoo
gentoo
X.Org X Server: Multiple vulnerabilities
2014-05-15 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON
Related for SSA-2017-291-01
securityvulns2nessus16fedora2cve1openvas15ubuntucve1debian1prion1ubuntu1veracode26debiancve1amazon1redhat1centos1mageia1freebsd1gentoo1