SB2013052401 - Input validation error in libxcb (Alpine package)
Published: May 24, 2013
Security Bulletin ID
SB2013052401
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-2064)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e0f8a9288a30bbe3e3be96f612b5e334bdeef337
- https://git.alpinelinux.org/aports/commit/?id=1a41cbf7f67c537bc75573199739f92e62ea4be6
- https://git.alpinelinux.org/aports/commit/?id=409cfad6e8aff8f5e0d7ca3a4b035c93025e6fd4
- https://git.alpinelinux.org/aports/commit/?id=bfa00153c3fc261ef3677a36df0c0ab57df66b1e
- https://git.alpinelinux.org/aports/commit/?id=682ed1fa3f5d7338fff3b497e1b95d45b2481e79
- https://git.alpinelinux.org/aports/commit/?id=9688473ac6aba4112f17501b088e2eb353ec56c2