libx11: Insufficient validation of server responses in XGetImage() and FontNames (CVE-2016-7942, CVE-2016-7943)
CVE-2016-7942: Insufficient validation of server responses in XGetImage()
CVE-2016-7943: Insufficient validation of server responses in FontNames
Fixed In Version:
libX11 1.6.4
Affected versions:
libX11 <= 1.6.3
References:
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
http://seclists.org/oss-sec/2016/q4/17
(from redmine: issue id 6312, created on 2016-10-07, closed on 2016-10-25)
- Relations:
- child #6313 (closed)
- child #6314 (closed)
- child #6315 (closed)
- child #6316 (closed)
- child #6317 (closed)