[3.1] libxrender: insufficient validation of data from the X server can cause out of boundary memory writes (CVE-2016-7949, CVE-2016-7950)
CVE-2016-7949: Insufficient validation of server responses results in overflow of previously reserved memory
Affected version:
libXrender <= 0.9.9
Fixed In Version:
libXrender 0.9.10
Reference:
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
Patch:
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
CVE-2016-7950: Insufficient validation of server responses results out-of-bounds write in XRenderQueryFilters
Affected version:
libXrender <= 0.9.9
Fixed In Version:
libXrender 0.9.10
Reference:
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
Patch:
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
(from redmine: issue id 6293, created on 2016-10-06, closed on 2016-10-25)
- Relations:
- parent #6288 (closed)
- Changesets:
- Revision cb627c97 on 2016-10-19T11:59:48Z:
main/libxrender: security fix (CVE-2016-7949, CVE-2016-7950)
Fixes #6293
(cherry picked from commit 28cfd0e5313c4075e486c29630eb0a7684c551c5)