Security update for xorg-x11-libs SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0674-1 Final 1 1 2014-05-15T16:30:57Z current 2014-05-15T16:30:57Z 2014-05-15T16:30:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-libs xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/002431.html <http://lists.x.org/archives/xorg-announce/2014-May/002431.html> . Security Issues references: * CVE-2014-0209 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209> * CVE-2014-0210 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210> * CVE-2014-0211 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-xorg-x11-devel,sledsp3-xorg-x11-devel,slessp3-xorg-x11-devel Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ Link for SUSE-SU-2015:0674-1 https://lists.suse.com/pipermail/sle-security-updates/2015-April/001332.html E-Mail link for SUSE-SU-2015:0674-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 https://bugzilla.suse.com/854915 SUSE Bug 854915 https://bugzilla.suse.com/857544 SUSE Bug 857544 https://bugzilla.suse.com/921978 SUSE Bug 921978 https://www.suse.com/security/cve/CVE-2013-1984/ SUSE CVE CVE-2013-1984 page https://www.suse.com/security/cve/CVE-2013-1985/ SUSE CVE CVE-2013-1985 page https://www.suse.com/security/cve/CVE-2013-1986/ SUSE CVE CVE-2013-1986 page https://www.suse.com/security/cve/CVE-2013-1988/ SUSE CVE CVE-2013-1988 page https://www.suse.com/security/cve/CVE-2013-1990/ SUSE CVE CVE-2013-1990 page https://www.suse.com/security/cve/CVE-2013-1991/ SUSE CVE CVE-2013-1991 page https://www.suse.com/security/cve/CVE-2013-1992/ SUSE CVE CVE-2013-1992 page https://www.suse.com/security/cve/CVE-2013-1995/ SUSE CVE CVE-2013-1995 page https://www.suse.com/security/cve/CVE-2013-1996/ SUSE CVE CVE-2013-1996 page https://www.suse.com/security/cve/CVE-2013-1998/ SUSE CVE CVE-2013-1998 page https://www.suse.com/security/cve/CVE-2013-1999/ SUSE CVE CVE-2013-1999 page https://www.suse.com/security/cve/CVE-2013-2000/ SUSE CVE CVE-2013-2000 page https://www.suse.com/security/cve/CVE-2013-2001/ SUSE CVE CVE-2013-2001 page https://www.suse.com/security/cve/CVE-2013-2003/ SUSE CVE CVE-2013-2003 page https://www.suse.com/security/cve/CVE-2013-2063/ SUSE CVE CVE-2013-2063 page https://www.suse.com/security/cve/CVE-2013-6462/ SUSE CVE CVE-2013-6462 page https://www.suse.com/security/cve/CVE-2014-0209/ SUSE CVE CVE-2014-0209 page https://www.suse.com/security/cve/CVE-2014-0210/ SUSE CVE CVE-2014-0210 page https://www.suse.com/security/cve/CVE-2014-0211/ SUSE CVE CVE-2014-0211 page https://www.suse.com/security/cve/CVE-2015-1802/ SUSE CVE CVE-2015-1802 page https://www.suse.com/security/cve/CVE-2015-1803/ SUSE CVE CVE-2015-1803 page https://www.suse.com/security/cve/CVE-2015-1804/ SUSE CVE CVE-2015-1804 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xorg-x11-devel-7.4-8.26.42.1 xorg-x11-devel-32bit-7.4-8.26.42.1 xorg-x11-libs-7.4-8.26.42.1 xorg-x11-libs-32bit-7.4-8.26.42.1 xorg-x11-libs-x86-7.4-8.26.42.1 xorg-x11-libs-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-libs-32bit-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-libs-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-libs-32bit-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-libs-x86-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-libs-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-libs-32bit-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-libs-x86-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-libs-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-libs-32bit-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-libs-x86-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-devel-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 xorg-x11-devel-32bit-7.4-8.26.42.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. CVE-2013-1984 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1984.html CVE-2013-1984 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. CVE-2013-1985 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1985.html CVE-2013-1985 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. CVE-2013-1986 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1986.html CVE-2013-1986 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. CVE-2013-1988 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1988.html CVE-2013-1988 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. CVE-2013-1990 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1990.html CVE-2013-1990 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. CVE-2013-1991 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1991.html CVE-2013-1991 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. CVE-2013-1992 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1992.html CVE-2013-1992 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. CVE-2013-1995 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1995.html CVE-2013-1995 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. CVE-2013-1996 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1996.html CVE-2013-1996 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. CVE-2013-1998 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1998.html CVE-2013-1998 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. CVE-2013-1999 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-1999.html CVE-2013-1999 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. CVE-2013-2000 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-2000.html CVE-2013-2000 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. CVE-2013-2001 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-2001.html CVE-2013-2001 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. CVE-2013-2003 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-2003.html CVE-2013-2003 https://bugzilla.suse.com/1065386 SUSE Bug 1065386 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. CVE-2013-2063 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-2063.html CVE-2013-2063 https://bugzilla.suse.com/815451 SUSE Bug 815451 https://bugzilla.suse.com/821663 SUSE Bug 821663 Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. CVE-2013-6462 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2013-6462.html CVE-2013-6462 https://bugzilla.suse.com/854915 SUSE Bug 854915 https://bugzilla.suse.com/882908 SUSE Bug 882908 Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. CVE-2014-0209 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2014-0209.html CVE-2014-0209 https://bugzilla.suse.com/857544 SUSE Bug 857544 Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. CVE-2014-0210 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2014-0210.html CVE-2014-0210 https://bugzilla.suse.com/857544 SUSE Bug 857544 Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. CVE-2014-0211 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2014-0211.html CVE-2014-0211 https://bugzilla.suse.com/857544 SUSE Bug 857544 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. CVE-2015-1802 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2015-1802.html CVE-2015-1802 https://bugzilla.suse.com/921978 SUSE Bug 921978 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. CVE-2015-1803 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 moderate 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2015-1803.html CVE-2015-1803 https://bugzilla.suse.com/921978 SUSE Bug 921978 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. CVE-2015-1804 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-7.4-8.26.42.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-libs-x86-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-32bit-7.4-8.26.42.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-devel-7.4-8.26.42.1 important 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150674-1/ https://www.suse.com/security/cve/CVE-2015-1804.html CVE-2015-1804 https://bugzilla.suse.com/921978 SUSE Bug 921978