An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libx11-6-udeb": "2:1.6.2-1ubuntu2.1", "libx11-6-dbg": "2:1.6.2-1ubuntu2.1", "libx11-xcb1-dbg": "2:1.6.2-1ubuntu2.1", "libx11-xcb-dev": "2:1.6.2-1ubuntu2.1", "libx11-xcb1": "2:1.6.2-1ubuntu2.1", "libx11-doc": "2:1.6.2-1ubuntu2.1", "libx11-6-udeb-dbgsym": "2:1.6.2-1ubuntu2.1", "libx11-xcb-dev-dbgsym": "2:1.6.2-1ubuntu2.1", "libx11-6-dbgsym": "2:1.6.2-1ubuntu2.1", "libx11-dev": "2:1.6.2-1ubuntu2.1", "libx11-xcb1-dbgsym": "2:1.6.2-1ubuntu2.1", "libx11-dev-dbgsym": "2:1.6.2-1ubuntu2.1", "libx11-6": "2:1.6.2-1ubuntu2.1", "libx11-data": "2:1.6.2-1ubuntu2.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libx11-6-udeb": "2:1.6.3-1ubuntu2.1", "libx11-6-dbg": "2:1.6.3-1ubuntu2.1", "libx11-xcb1-dbg": "2:1.6.3-1ubuntu2.1", "libx11-xcb-dev": "2:1.6.3-1ubuntu2.1", "libx11-xcb1": "2:1.6.3-1ubuntu2.1", "libx11-doc": "2:1.6.3-1ubuntu2.1", "libx11-6-udeb-dbgsym": "2:1.6.3-1ubuntu2.1", "libx11-xcb-dev-dbgsym": "2:1.6.3-1ubuntu2.1", "libx11-6-dbgsym": "2:1.6.3-1ubuntu2.1", "libx11-dev": "2:1.6.3-1ubuntu2.1", "libx11-xcb1-dbgsym": "2:1.6.3-1ubuntu2.1", "libx11-dev-dbgsym": "2:1.6.3-1ubuntu2.1", "libx11-6": "2:1.6.3-1ubuntu2.1", "libx11-data": "2:1.6.3-1ubuntu2.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libx11-6-udeb": "2:1.6.4-3ubuntu0.1", "libx11-6-dbgsym": "2:1.6.4-3ubuntu0.1", "libx11-dev": "2:1.6.4-3ubuntu0.1", "libx11-xcb1-dbgsym": "2:1.6.4-3ubuntu0.1", "libx11-6": "2:1.6.4-3ubuntu0.1", "libx11-xcb-dev": "2:1.6.4-3ubuntu0.1", "libx11-xcb1": "2:1.6.4-3ubuntu0.1", "libx11-doc": "2:1.6.4-3ubuntu0.1", "libx11-data": "2:1.6.4-3ubuntu0.1" } ] }