{"affected":[{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11-devel":"7.4-5.11.72.9.1","xorg-x11-libX11-devel-32bit":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11":"7.4-5.11.72.9.1","xorg-x11-libX11-32bit":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11":"7.4-5.11.72.9.1","xorg-x11-libX11-32bit":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11":"7.4-5.11.72.9.1","xorg-x11-libX11-32bit":"7.4-5.11.72.9.1","xorg-x11-libX11-x86":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-libX11":"7.4-5.11.72.9.1","xorg-x11-libX11-32bit":"7.4-5.11.72.9.1","xorg-x11-libX11-x86":"7.4-5.11.72.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"xorg-x11-libX11","purl":"pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-5.11.72.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xorg-x11-libX11 fixes the following issues:\n\n- CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one\n  error caused by malicious server responses, leading to DoS or possibly\n  unspecified other impact (bsc#1102062)\n- CVE-2018-14600: The function XListExtensions interpreted a variable as signed\n  instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes),\n  leading to DoS or remote code execution (bsc#1102068)\n- CVE-2018-14598: A malicious server could have sent a reply in which the first\n  string overflows, causing a variable to be set to NULL that will be freed later\n  on, leading to DoS (segmentation fault) (bsc#1102073)\n","id":"SUSE-SU-2018:2934-1","modified":"2018-09-28T08:56:15Z","published":"2018-09-28T08:56:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182934-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102062"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102073"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14600"}],"related":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"],"summary":"Security update for xorg-x11-libX11","upstream":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"]}