-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libxfixes Version : 1:5.0-4+deb7u2 CVE ID : CVE-2016-7944 Debian Bug : 840442
It was discovered that there was a integer overflow in libxfixes, a library providing a client interface to the X11 'XFIXES' extension. The 32 bit field "rep.length" was not checked for validity, which allowed an integer overflow on 32 bit systems. A malicious server could send INT_MAX as "length" which was then multiplied by the size of XRectangle. In this case the client would not read the whole data from server, getting out of sync. For Debian 7 "Wheezy", this issue has been fixed in libxfixes version 1:5.0-4+deb7u2. We recommend that you upgrade your libxfixes packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYAJogAAoJEB6VPifUMR5YNo4P/Rytl+2jAi+cwN9Mw1Yfq39i v5xiSaW4hV8/7ADpF53uBT2eXo61zEfcnMsHu/3MYrkc0Bdx5KWDVnNhC/PJ2+X6 nKf287fOs4x43PwuGJqnRNJt0spiUymf7VpIX4E+zzUuW8KyK4Urc1xXDCBmekny NKUZtZc7xAYaAUgtEVTYnhHYkO6oARmtb0y25VxgOg+jkUi4nP9y6B65rYfnkbjQ J4BiWmTmXyR7wl0n4eZphNtUmDpRUhnZ8F+dH76P1wIlKWN9FNS111WaslgAXopn nHCq13pUm7F78MFbOmNHY5/mZThxeTa2PRGwIj1CFFYRXqMAulTMIcLnYoVz3rTY EtUYT2jdwlOGDEMrYThuksT13YeF+nIjMmSoNeYXhkcQNQV+bct5aMm3LTbZ+Jb0 GCozcSGArwLLj94OKjfyR/qaMq7thtmZgemqoVp6I3YgPgojyG9c3cGBvVsTbb8a rUv8HG6tDGR+ec4NkTPy+IjeKGnwUx351JauJk6SZqEHIR77AbE5nBvwOGTvtXOi v/lh9SIr3Bj+4JWq1JWl2d6dm3UGLr5zL3fBsKPd8mUF/lgO40oMf+pq/h93ReD1 4Jj7wlAoE2+hfzR4wAa8y9ptL/IdPl47Wz9r8DdpvL20KD6CNTrnv9H2iiYv6AaO ug9p/munNyJlVjbIEqjc =jLWm -----END PGP SIGNATURE-----