{"affected":[{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.5-3.3.1","libX11-6-32bit":"1.6.5-3.3.1","libX11-data":"1.6.5-3.3.1","libX11-devel":"1.6.5-3.3.1","libX11-xcb1":"1.6.5-3.3.1","libX11-xcb1-32bit":"1.6.5-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"libX11","purl":"pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.5-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libX11 fixes the following security issues:\n\n- CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one\n  error caused by malicious server responses, leading to DoS or possibly\n  unspecified other impact (bsc#1102062)\n- CVE-2018-14600: The function XListExtensions interpreted a variable as signed\n  instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes),\n  leading to DoS or remote code execution (bsc#1102068)\n- CVE-2018-14598: A malicious server could have sent a reply in which the first\n  string overflows, causing a variable to be set to NULL that will be freed later\n  on, leading to DoS (segmentation fault) (bsc#1102073)\n","id":"SUSE-SU-2018:2955-1","modified":"2018-09-30T12:06:31Z","published":"2018-09-30T12:06:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182955-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102062"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102073"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14600"}],"related":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"],"summary":"Security update for libX11","upstream":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"]}