CVE-2018-14598: Input Validation
First published: Fri Aug 24 2018(Updated: )
An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). References: <a href="http://www.openwall.com/lists/oss-security/2018/08/21/6">http://www.openwall.com/lists/oss-security/2018/08/21/6</a> <a href="https://lists.x.org/archives/xorg-announce/2018-August/002916.html">https://lists.x.org/archives/xorg-announce/2018-August/002916.html</a> Upstream Patch: <a href="https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2">https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.Org libX11 | <=1.6.5 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Debian Debian Linux | =8.0 | |
| Fedoraproject Fedora | =28 | |
| redhat/libX11 | <1.6.6 | 1.6.6 |
| debian/libx11 | 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1 |
Remedy
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2018/08/21/6
- http://www.securityfocus.com/bid/105177
- http://www.securitytracker.com/id/1041543
- https://access.redhat.com/errata/RHSA-2019:2079
- https://bugzilla.suse.com/show_bug.cgi?id=1102073
- https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2
- https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
- https://lists.x.org/archives/xorg-announce/2018-August/002916.html
- https://security.gentoo.org/glsa/201811-01
- https://usn.ubuntu.com/3758-1/
- https://usn.ubuntu.com/3758-2/
- https://launchpad.net/bugs/cve/CVE-2018-14598
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1623239
- https://access.redhat.com/security/cve/cve-2018-14598
- https://bugzilla.redhat.com/show_bug.cgi?id=1623238
- https://gitlab.freedesktop.org/xorg/lib/libx11/commit/e83722768fd5c467ef61fa159e8c6278770b45c2
- https://security-tracker.debian.org/tracker/CVE-2018-14598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598
- https://nvd.nist.gov/vuln/detail/CVE-2018-14598
- https://ubuntu.com/security/CVE-2018-14598
Frequently Asked Questions
What is CVE-2018-14598?
CVE-2018-14598 is a vulnerability in libX11 that allows a malicious server to cause a denial of service (DoS) by sending a reply with a string that overflows.
How severe is CVE-2018-14598?
CVE-2018-14598 has a severity rating of 7.5 (High).
What software is affected by CVE-2018-14598?
The affected software includes libX11 versions up to and including 1.6.5, X.Org libX11, Canonical Ubuntu Linux versions 12.04, 14.04, 16.04, and 18.04, Debian Debian Linux version 8.0, and Fedoraproject Fedora version 28.
How do I fix CVE-2018-14598?
To fix CVE-2018-14598, you should update to libX11 version 1.6.6 or higher.
Where can I find more information about CVE-2018-14598?
You can find more information about CVE-2018-14598 at the following links: [Openwall](http://www.openwall.com/lists/oss-security/2018/08/21/6), [X.Org](https://lists.x.org/archives/xorg-announce/2018-August/002916.html), and [Freedesktop](https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-14598
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/x.org
- canonical/x.org libx11
- version/x.org libx11/1.6.5
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/28
- package-manager/redhat
- package-manager/debian