Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in xorg-libraries-7.7-i686-5 |
|Cucumber 1.0 x86_64||fixed in xorg-libraries-7.7-x86_64-5 |
|Cucumber 1.1 i686
||fixed in xorg-libraries-7.7-i686-5 |
|Cucumber 1.1 x86_64
||fixed in xorg-libraries-7.7-x86_64-5 |
=================================== Overview ===================================
An issue was discovered in libX11 through 1.6.5. The function XListExtensions
in ListExt.c interprets a variable as signed instead of unsigned, resulting in
an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code
================================ Initial Report ================================
Out of boundary write (CVE-2018-14600).
The length value is interpreted as signed char on many systems
(depending on default signedness of char), which can lead to an out of
boundary write up to 128 bytes in front of the allocated storage, but
limited to NUL byte(s).
Casting the length value to unsigned char fixes the problem and allows
string values with up to 255 characters.
================================= Our Analysis =================================
----- Affected Products -----
libX11 in Xorg 7.7 is vulnerable, meaning that xorg-libraries as originally
packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.
----- Scope and Impact of this Vulnerability -----
Allows for a denial of service and remote code execution.
----- Fix for this Vulnerability -----
This vulnerability is fixed in commit
================================= Our Solution =================================
We have applied the patch from the aforementioned commit and rebuilt
Note that we had to modify the patch to get it to apply to Xorg 7.7. The
modified patch can be found at: