search for: xlistfont

X.Org security advisory: August 21, 2018 Multiple issues in libX11 ========================= The functions XGetFontPath, XListExtensions and XListFonts from libX11 are vulnerable to three different issues: Off-by-one writes (CVE-2018-14599). ----------------------------------- The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable to an off-by-one override on malicious server responses. The server replies consist of chunks...

...specs/libX11: Fix broken synopsis for Data/Data16/Data32 specs/libX11: Update Portability Considerations for the 21st century Emil Velikov (1): autogen.sh: use quoted string variables Emilio Pozuelo Monfort (1): Plug a memory leak Julien Cristau (1): Fix wrong Xfree in XListFonts failure path Lucien Gentis (1): Typos in "Xlib - C Language X Interface" document - Chapter 02 Matt Turner (1): libX11 1.6.5 Mihail Konev (2): autogen: add default patch prefix Compose sequences for rouble sign Peter Hutterer (1): autogen.sh: use exec in...

...that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this. Affected libraries and CVE Ids libX11 - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()). Affected versions libX11 <= 1.6.3 libXfixes - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures. Affected versions : libXfixes <= 5.0.2 libXi - insufficient validation of data from the X server can cause out of boundary memory...