CLD-525 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-14600 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) xorg-libraries
Deficiency Type SECURITY
Date Created 2018-08-21 16:53:09
Date Last Modified 2018-08-25 12:46:26

Version Specific Information:

Cucumber 1.0 i686fixed in xorg-libraries-7.7-i686-5
Cucumber 1.0 x86_64fixed in xorg-libraries-7.7-x86_64-5

Cucumber 1.1 i686 fixed in xorg-libraries-7.7-i686-5
Cucumber 1.1 x86_64 fixed in xorg-libraries-7.7-x86_64-5


=================================== Overview ===================================

An issue was discovered in libX11 through 1.6.5. The function XListExtensions
in ListExt.c interprets a variable as signed instead of unsigned, resulting in
an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code

================================ Initial Report ================================


Out of boundary write (CVE-2018-14600).

The length value is interpreted as signed char on many systems
(depending on default signedness of char), which can lead to an out of
boundary write up to 128 bytes in front of the allocated storage, but
limited to NUL byte(s).

Casting the length value to unsigned char fixes the problem and allows
string values with up to 255 characters.

================================= Our Analysis =================================

----- Affected Products -----
libX11 in Xorg 7.7 is vulnerable, meaning that xorg-libraries as originally
packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.

----- Scope and Impact of this Vulnerability -----
Allows for a denial of service and remote code execution.

----- Fix for this Vulnerability -----
This vulnerability is fixed in commit

================================= Our Solution =================================

We have applied the patch from the aforementioned commit and rebuilt

Note that we had to modify the patch to get it to apply to Xorg 7.7. The
modified patch can be found at: