SB2018100816 - Out-of-bounds write in libx11 (Alpine package)
Published: October 8, 2018
Security Bulletin ID
SB2018100816
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2018-14600)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to out-of-bounds write when handling malicious input. A remote unauthenticated attacker can trick the victim into opening a specially crafted data, trigger memory corruption and execute arbitrary code on the target X client.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=96b4ffd87fea35a16d73bdf288b2dcbe5d15bc82
- https://git.alpinelinux.org/aports/commit/?id=bcd0f76d147745372d23b1840ff44b000c95bd81
- https://git.alpinelinux.org/aports/commit/?id=d7c441ba3f0fdfc555c09ca51f315ba46459eaa4
- https://git.alpinelinux.org/aports/commit/?id=e9064e9114d515f0f789828a1b8c7390c135f541
- https://git.alpinelinux.org/aports/commit/?id=f673b89cd43dc3fe12a443558e82318ed03fb6ef