CLD-526 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-14598 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) xorg-libraries
Deficiency Type SECURITY
Date Created 2018-08-21 16:53:31
Date Last Modified 2018-08-25 12:46:26

Version Specific Information:

Cucumber 1.0 i686 fixed in xorg-libraries-7.7-i686-5
Cucumber 1.0 x86_64 fixed in xorg-libraries-7.7-x86_64-5

Cucumber 1.1 i686 fixed in xorg-libraries-7.7-i686-5
Cucumber 1.1 x86_64 fixed in xorg-libraries-7.7-x86_64-5

Details:

=================================== Overview ===================================

An issue was discovered in XListExtensions in ListExt.c in libX11 through
1.6.5. A malicious server can send a reply in which the first string overflows,
causing a variable to be set to NULL that will be freed later on, leading to
DoS (segmentation fault). 

================================ Initial Report ================================

From http://www.openwall.com/lists/oss-security/2018/08/21/6:

Crash on invalid reply (CVE-2018-14598).
----------------------------------------

If the server sends a reply in which even the first string would
overflow the transmitted bytes, list[0] (or flist[0]) will be set to
NULL and a count of 0 is returned.

If the resulting list is freed with XFreeExtensionList or
XFreeFontPath later on, the first Xfree call:

    Xfree (list[0]-1)

turns into

    Xfree (NULL-1)

which will most likely trigger a segmentation fault.

================================= Our Analysis =================================

----- Affected Products -----
libX11 in Xorg 7.7 is vulnerable, meaning that xorg-libraries as originally
packaged in Cucumber Linux 1.0 and 1.1 is vulnerable.

----- Scope and Impact of this Vulnerability -----
Allows for a denial of service.

----- Fix for this Vulnerability -----
This vulnerability is fixed in commit
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2

================================= Our Solution =================================

We have applied the patch from the aforementioned commit and rebuilt
xorg-libraries.
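
The failure described in the Initial Report, as an added example in C (not libX11 source and not part of the original advisory): a simplified model of the length-prefixed string walk, run over constructed sample replies. The names parse_list, free_list and the hardened flag are assumptions made for illustration; the hardened path is one way to avoid handing callers a list whose first entry is NULL and is not claimed to match the upstream commit.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample replies: 1-byte length prefix, then the string bytes. */
static const unsigned char GOOD[] = {3, 'F', 'O', 'O', 3, 'B', 'A', 'R'};
static const unsigned char BAD[]  = {200, 'A', 'B', 'C'}; /* claims 200, has 3 */

/* Simplified model of the reply walk (hypothetical helper, not libX11 code).
 * hardened == 0: a first string that overruns leaves list[0] == NULL, count 0.
 * hardened != 0: that case releases everything and returns NULL instead. */
char **parse_list(const unsigned char *reply, size_t rlen, int n,
                  int hardened, int *count)
{
    *count = 0;
    if (n <= 0 || rlen == 0) return NULL;
    char **list = calloc((size_t)n, sizeof *list);
    unsigned char *buf = calloc(rlen + 1, 1);   /* +1 for the final NUL */
    if (!list || !buf) { free(list); free(buf); return NULL; }
    memcpy(buf, reply, rlen);
    size_t pos = 0, length = buf[0];
    for (int i = 0; i < n; i++) {
        if (pos + length < rlen) {              /* string fits in the reply */
            list[i] = (char *)buf + pos + 1;    /* skip the length byte */
            pos += length + 1;
            length = buf[pos];                  /* next length ... */
            buf[pos] = '\0';                    /* ... becomes the terminator */
            (*count)++;
        } else if (i == 0 && hardened) {
            free(list); free(buf);              /* nothing usable: drop it all */
            return NULL;
        } else {
            list[i] = NULL;   /* non-hardened, i == 0: buf is now unreachable */
        }
    }
    return list;
}

/* Guarded free: 1 if the string buffer (list[0] - 1) was released, 0 if list
 * or list[0] was NULL. Unguarded free(list[0] - 1) is what faults on BAD. */
int free_list(char **list)
{
    if (list == NULL) return 0;
    int freed = (list[0] != NULL);
    if (freed) free(list[0] - 1);
    free(list);
    return freed;
}
```

In the non-hardened path the malformed reply returns a non-NULL list with a count of 0 and list[0] == NULL, which is the state that reaches the free routine in the report.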