{"affected":[{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"libX11","purl":"pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.2-12.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"libxcb","purl":"pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-devel":"1.6.2-12.5.1","libxcb-composite0":"1.10-4.3.1","libxcb-damage0":"1.10-4.3.1","libxcb-devel":"1.10-4.3.1","libxcb-devel-doc":"1.10-4.3.1","libxcb-dpms0":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-record0":"1.10-4.3.1","libxcb-res0":"1.10-4.3.1","libxcb-screensaver0":"1.10-4.3.1","libxcb-xevie0":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xprint0":"1.10-4.3.1","libxcb-xtest0":"1.10-4.3.1","libxcb-xvmc0":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"libX11","purl":"pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.2-12.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-devel":"1.6.2-12.5.1","libxcb-composite0":"1.10-4.3.1","libxcb-damage0":"1.10-4.3.1","libxcb-devel":"1.10-4.3.1","libxcb-devel-doc":"1.10-4.3.1","libxcb-dpms0":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-record0":"1.10-4.3.1","libxcb-res0":"1.10-4.3.1","libxcb-screensaver0":"1.10-4.3.1","libxcb-xevie0":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xprint0":"1.10-4.3.1","libxcb-xtest0":"1.10-4.3.1","libxcb-xvmc0":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"libxcb","purl":"pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"libX11","purl":"pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.2-12.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"libxcb","purl":"pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"libX11","purl":"pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.2-12.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libX11-6":"1.6.2-12.5.1","libX11-6-32bit":"1.6.2-12.5.1","libX11-data":"1.6.2-12.5.1","libX11-xcb1":"1.6.2-12.5.1","libX11-xcb1-32bit":"1.6.2-12.5.1","libxcb-dri2-0":"1.10-4.3.1","libxcb-dri2-0-32bit":"1.10-4.3.1","libxcb-dri3-0":"1.10-4.3.1","libxcb-dri3-0-32bit":"1.10-4.3.1","libxcb-glx0":"1.10-4.3.1","libxcb-glx0-32bit":"1.10-4.3.1","libxcb-present0":"1.10-4.3.1","libxcb-present0-32bit":"1.10-4.3.1","libxcb-randr0":"1.10-4.3.1","libxcb-render0":"1.10-4.3.1","libxcb-render0-32bit":"1.10-4.3.1","libxcb-shape0":"1.10-4.3.1","libxcb-shm0":"1.10-4.3.1","libxcb-shm0-32bit":"1.10-4.3.1","libxcb-sync1":"1.10-4.3.1","libxcb-sync1-32bit":"1.10-4.3.1","libxcb-xf86dri0":"1.10-4.3.1","libxcb-xfixes0":"1.10-4.3.1","libxcb-xfixes0-32bit":"1.10-4.3.1","libxcb-xinerama0":"1.10-4.3.1","libxcb-xkb1":"1.10-4.3.1","libxcb-xkb1-32bit":"1.10-4.3.1","libxcb-xv0":"1.10-4.3.1","libxcb1":"1.10-4.3.1","libxcb1-32bit":"1.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"libxcb","purl":"pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10-4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libX11 and libxcb fixes the following issue:\n\nlibX11:\n\nThese security issues were fixed:\n\n- CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one\n  error caused by malicious server responses, leading to DoS or possibly\n  unspecified other impact (bsc#1102062).\n- CVE-2018-14600: The function XListExtensions interpreted a variable as signed\n  instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes),\n  leading to DoS or remote code execution (bsc#1102068).\n- CVE-2018-14598: A malicious server could have sent a reply in which the first\n  string overflows, causing a variable to be set to NULL that will be freed later\n  on, leading to DoS (segmentation fault) (bsc#1102073).\n\nThis non-security issue was fixed:\n\n- Make use of the new 64-bit sequence number API in XCB 1.11.1 to avoid the 32-bit\n  sequence number wrap in libX11 (bsc#1094327).\n\nlibxcb:\n\n- Expose 64-bit sequence number from XCB API so that Xlib and others can use it even\n  on 32-bit environment. (bsc#1094327)\n","id":"SUSE-SU-2018:3102-1","modified":"2018-10-11T18:46:34Z","published":"2018-10-11T18:46:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183102-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102062"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102073"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14600"}],"related":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"],"summary":"Security update for libX11 and libxcb","upstream":["CVE-2018-14598","CVE-2018-14599","CVE-2018-14600"]}