SUSE: CVE-2018-14600: SUSE Linux Security Advisory
8
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
08/21/2018
03/19/2019
09/01/2018
10/22/2021
Description
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Solution(s)
- suse-upgrade-libx11-6
- suse-upgrade-libx11-6-32bit
- suse-upgrade-libx11-data
- suse-upgrade-libx11-devel
- suse-upgrade-libx11-devel-32bit
- suse-upgrade-libx11-xcb1
- suse-upgrade-libx11-xcb1-32bit
- suse-upgrade-libxcb-composite0
- suse-upgrade-libxcb-damage0
- suse-upgrade-libxcb-devel
- suse-upgrade-libxcb-devel-doc
- suse-upgrade-libxcb-dpms0
- suse-upgrade-libxcb-dri2-0
- suse-upgrade-libxcb-dri2-0-32bit
- suse-upgrade-libxcb-dri3-0
- suse-upgrade-libxcb-dri3-0-32bit
- suse-upgrade-libxcb-glx0
- suse-upgrade-libxcb-glx0-32bit
- suse-upgrade-libxcb-present0
- suse-upgrade-libxcb-present0-32bit
- suse-upgrade-libxcb-randr0
- suse-upgrade-libxcb-record0
- suse-upgrade-libxcb-render0
- suse-upgrade-libxcb-render0-32bit
- suse-upgrade-libxcb-res0
- suse-upgrade-libxcb-screensaver0
- suse-upgrade-libxcb-shape0
- suse-upgrade-libxcb-shm0
- suse-upgrade-libxcb-shm0-32bit
- suse-upgrade-libxcb-sync1
- suse-upgrade-libxcb-sync1-32bit
- suse-upgrade-libxcb-xevie0
- suse-upgrade-libxcb-xf86dri0
- suse-upgrade-libxcb-xfixes0
- suse-upgrade-libxcb-xfixes0-32bit
- suse-upgrade-libxcb-xinerama0
- suse-upgrade-libxcb-xkb1
- suse-upgrade-libxcb-xkb1-32bit
- suse-upgrade-libxcb-xprint0
- suse-upgrade-libxcb-xtest0
- suse-upgrade-libxcb-xv0
- suse-upgrade-libxcb-xvmc0
- suse-upgrade-libxcb1
- suse-upgrade-libxcb1-32bit
- suse-upgrade-xorg-x11-libx11
- suse-upgrade-xorg-x11-libx11-32bit
- suse-upgrade-xorg-x11-libx11-devel
- suse-upgrade-xorg-x11-libx11-devel-32bit
- suse-upgrade-xorg-x11-libx11-x86
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center