The 'libXt' library is prone to multiple memory-corruption vulnerabilities because it fails to adequately bounds-check user-supplied data.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the X client. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to libXt 1.1.4 are vulnerable.
Information
Ubuntu Ubuntu Linux 13.04
Ubuntu Ubuntu Linux 12.10
Ubuntu Ubuntu Linux 12.04
Ubuntu Ubuntu Linux 10.04 LTS
Sun Solaris 8
Sun Solaris 10_x86
Sun Solaris 10_sparc
S.u.S.E. openSUSE 12.3
S.u.S.E. openSUSE 12.2
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 6
Oracle Solaris 9
Oracle Solaris 11.1
Oracle Solaris 10
Oracle Secure Global Desktop 4.71
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Oracle Solaris 11.1.8.4.0
References:
- Multiple vulnerabilities in X.org (Oracle)
- CVE-2013-2005 libXt: Memory corruption due to unchecked use of unchecked functio (Red Hat)
- libXt GIT Page (X.Org)
- Protocol handling issues in X Window System client libries (oss-sec)
- X.Org Homepage (X.Org)
- Multiple vulnerabilities in X.org (Oracle)
- openSUSE Security Update: update for libXt (SUSE)
- Oracle Critical Patch Update Advisory - April 2017 (Oracle)
- USN-1865-1: libxt vulnerabilities (Ubuntu)
- X.Org Security Advisory: Protocol handling issues in X Window System libraries (X.Org)