SB2018100813 - Improper input validation in libx11 (Alpine package)
Published: October 8, 2018
Security Bulletin ID
SB2018100813
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-14598)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to an error when handling malicious input. A remote unauthenticated attacker can cause a remote server to return a specially crafted reply to cause the target X client to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=ed32bc3bc0848f7aa57c0f0533d62ba6ef086ceb
- https://git.alpinelinux.org/aports/commit/?id=96b4ffd87fea35a16d73bdf288b2dcbe5d15bc82
- https://git.alpinelinux.org/aports/commit/?id=bcd0f76d147745372d23b1840ff44b000c95bd81
- https://git.alpinelinux.org/aports/commit/?id=d7c441ba3f0fdfc555c09ca51f315ba46459eaa4
- https://git.alpinelinux.org/aports/commit/?id=e9064e9114d515f0f789828a1b8c7390c135f541
- https://git.alpinelinux.org/aports/commit/?id=f673b89cd43dc3fe12a443558e82318ed03fb6ef