Amazon Linux 1 Security Advisory: ALAS-2014-452
Advisory Release Date: 2014-11-22 14:00 Pacific
Advisory Updated Date: 2014-11-24 15:22 Pacific
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use any of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)
Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use these flaws to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)
A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)
A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005)
Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use these flaws to crash an X11 client via a specially crafted file. (CVE-2013-2004)
Affected Packages:
libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel
Issue Correction:
Run yum update libX11 libXcursor libXfixes libXi libXrandr libXrender libXres libXt libXv libXvMC libXxf86dga libXxf86vm libdmx xorg-x11-proto-devel to update your system.
New Packages:
i686:
libX11-debuginfo-1.6.0-2.2.12.amzn1.i686
libX11-1.6.0-2.2.12.amzn1.i686
libX11-common-1.6.0-2.2.12.amzn1.i686
libX11-devel-1.6.0-2.2.12.amzn1.i686
libXcursor-debuginfo-1.1.14-2.1.9.amzn1.i686
libXcursor-1.1.14-2.1.9.amzn1.i686
libXcursor-devel-1.1.14-2.1.9.amzn1.i686
libXfixes-5.0.1-2.1.8.amzn1.i686
libXfixes-debuginfo-5.0.1-2.1.8.amzn1.i686
libXfixes-devel-5.0.1-2.1.8.amzn1.i686
libXrandr-debuginfo-1.4.1-2.1.8.amzn1.i686
libXrandr-1.4.1-2.1.8.amzn1.i686
libXrandr-devel-1.4.1-2.1.8.amzn1.i686
libXrender-0.9.8-2.1.9.amzn1.i686
libXrender-debuginfo-0.9.8-2.1.9.amzn1.i686
libXrender-devel-0.9.8-2.1.9.amzn1.i686
libXres-debuginfo-1.0.7-2.1.8.amzn1.i686
libXres-1.0.7-2.1.8.amzn1.i686
libXres-devel-1.0.7-2.1.8.amzn1.i686
libXt-devel-1.1.4-6.1.9.amzn1.i686
libXt-debuginfo-1.1.4-6.1.9.amzn1.i686
libXt-1.1.4-6.1.9.amzn1.i686
libXv-devel-1.0.9-2.1.8.amzn1.i686
libXv-debuginfo-1.0.9-2.1.8.amzn1.i686
libXv-1.0.9-2.1.8.amzn1.i686
libXvMC-1.0.8-2.1.8.amzn1.i686
libXvMC-debuginfo-1.0.8-2.1.8.amzn1.i686
libXvMC-devel-1.0.8-2.1.8.amzn1.i686
libXi-1.7.2-2.2.9.amzn1.i686
libXi-devel-1.7.2-2.2.9.amzn1.i686
libXi-debuginfo-1.7.2-2.2.9.amzn1.i686
libXxf86dga-1.1.4-2.1.8.amzn1.i686
libXxf86dga-debuginfo-1.1.4-2.1.8.amzn1.i686
libXxf86dga-devel-1.1.4-2.1.8.amzn1.i686
libXxf86vm-devel-1.1.3-2.1.9.amzn1.i686
libXxf86vm-debuginfo-1.1.3-2.1.9.amzn1.i686
libXxf86vm-1.1.3-2.1.9.amzn1.i686
libdmx-debuginfo-1.1.3-3.7.amzn1.i686
libdmx-1.1.3-3.7.amzn1.i686
libdmx-devel-1.1.3-3.7.amzn1.i686
noarch:
xorg-x11-proto-devel-7.7-9.10.amzn1.noarch
src:
libX11-1.6.0-2.2.12.amzn1.src
libXcursor-1.1.14-2.1.9.amzn1.src
libXfixes-5.0.1-2.1.8.amzn1.src
libXrandr-1.4.1-2.1.8.amzn1.src
xorg-x11-proto-devel-7.7-9.10.amzn1.src
libXrender-0.9.8-2.1.9.amzn1.src
libXres-1.0.7-2.1.8.amzn1.src
libXt-1.1.4-6.1.9.amzn1.src
libXv-1.0.9-2.1.8.amzn1.src
libXvMC-1.0.8-2.1.8.amzn1.src
libXi-1.7.2-2.2.9.amzn1.src
libXxf86dga-1.1.4-2.1.8.amzn1.src
libXxf86vm-1.1.3-2.1.9.amzn1.src
libdmx-1.1.3-3.7.amzn1.src
x86_64:
libX11-1.6.0-2.2.12.amzn1.x86_64
libX11-devel-1.6.0-2.2.12.amzn1.x86_64
libX11-common-1.6.0-2.2.12.amzn1.x86_64
libX11-debuginfo-1.6.0-2.2.12.amzn1.x86_64
libXcursor-debuginfo-1.1.14-2.1.9.amzn1.x86_64
libXcursor-devel-1.1.14-2.1.9.amzn1.x86_64
libXcursor-1.1.14-2.1.9.amzn1.x86_64
libXfixes-devel-5.0.1-2.1.8.amzn1.x86_64
libXfixes-debuginfo-5.0.1-2.1.8.amzn1.x86_64
libXfixes-5.0.1-2.1.8.amzn1.x86_64
libXrandr-devel-1.4.1-2.1.8.amzn1.x86_64
libXrandr-debuginfo-1.4.1-2.1.8.amzn1.x86_64
libXrandr-1.4.1-2.1.8.amzn1.x86_64
libXrender-devel-0.9.8-2.1.9.amzn1.x86_64
libXrender-0.9.8-2.1.9.amzn1.x86_64
libXrender-debuginfo-0.9.8-2.1.9.amzn1.x86_64
libXres-devel-1.0.7-2.1.8.amzn1.x86_64
libXres-debuginfo-1.0.7-2.1.8.amzn1.x86_64
libXres-1.0.7-2.1.8.amzn1.x86_64
libXt-devel-1.1.4-6.1.9.amzn1.x86_64
libXt-1.1.4-6.1.9.amzn1.x86_64
libXt-debuginfo-1.1.4-6.1.9.amzn1.x86_64
libXv-devel-1.0.9-2.1.8.amzn1.x86_64
libXv-1.0.9-2.1.8.amzn1.x86_64
libXv-debuginfo-1.0.9-2.1.8.amzn1.x86_64
libXvMC-1.0.8-2.1.8.amzn1.x86_64
libXvMC-debuginfo-1.0.8-2.1.8.amzn1.x86_64
libXvMC-devel-1.0.8-2.1.8.amzn1.x86_64
libXi-debuginfo-1.7.2-2.2.9.amzn1.x86_64
libXi-1.7.2-2.2.9.amzn1.x86_64
libXi-devel-1.7.2-2.2.9.amzn1.x86_64
libXxf86dga-debuginfo-1.1.4-2.1.8.amzn1.x86_64
libXxf86dga-devel-1.1.4-2.1.8.amzn1.x86_64
libXxf86dga-1.1.4-2.1.8.amzn1.x86_64
libXxf86vm-debuginfo-1.1.3-2.1.9.amzn1.x86_64
libXxf86vm-devel-1.1.3-2.1.9.amzn1.x86_64
libXxf86vm-1.1.3-2.1.9.amzn1.x86_64
libdmx-debuginfo-1.1.3-3.7.amzn1.x86_64
libdmx-1.1.3-3.7.amzn1.x86_64
libdmx-devel-1.1.3-3.7.amzn1.x86_64
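To confirm the update took effect, the following added example (not part of the Amazon advisory) compares installed version-release strings against the fixed builds listed above. The function names and the sample input are constructed for illustration, and `sort -V` only approximates rpm's own version ordering.

```shell
# Fixed version-release per package, copied from this advisory's package list.
FIXED="libX11 1.6.0-2.2.12.amzn1
libXcursor 1.1.14-2.1.9.amzn1
libXfixes 5.0.1-2.1.8.amzn1
libXi 1.7.2-2.2.9.amzn1
libXrandr 1.4.1-2.1.8.amzn1
libXrender 0.9.8-2.1.9.amzn1
libXres 1.0.7-2.1.8.amzn1
libXt 1.1.4-6.1.9.amzn1
libXv 1.0.9-2.1.8.amzn1
libXvMC 1.0.8-2.1.8.amzn1
libXxf86dga 1.1.4-2.1.8.amzn1
libXxf86vm 1.1.3-2.1.9.amzn1
libdmx 1.1.3-3.7.amzn1
xorg-x11-proto-devel 7.7-9.10.amzn1"

# older_than A B: true when A sorts strictly before B under GNU `sort -V`
# (an approximation of rpm's version comparison, adequate for these strings).
older_than() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_alas_2014_452: reads "name version-release" lines on stdin, prints one
# "VULNERABLE name installed < fixed" line per package below the fixed build,
# and returns 1 if any were found (hypothetical helper, not an Amazon tool).
check_alas_2014_452() {
  rc=0
  while read -r name ver; do
    fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
    [ -n "$fixed" ] || continue   # package is not covered by this advisory
    if older_than "$ver" "$fixed"; then
      echo "VULNERABLE $name $ver < $fixed"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE="libX11 1.5.0-4.3.amzn1
libXi 1.7.2-2.2.9.amzn1
libXt 1.1.4-6.1.9.amzn1
bash 4.1.2-15.19.amzn1
libdmx 1.1.3-3.6.amzn1"

printf '%s\n' "$SAMPLE" | check_alas_2014_452 || echo "update required"
```

On a live host, pipe the `rpm -qa` query shown in the comment into `check_alas_2014_452` instead of the sample. Subpackages such as `-devel`, `-common` and `-debuginfo` are not matched by name here; they carry the same version-release as their base package.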