ALAS-2014-405

Amazon Linux 1 (EOL) Security Advisory: ALAS-2014-405
Advisory Released Date: 2014-09-17
Advisory Updated Date: 2014-09-19

Severity: Medium

References: CVE-2013-2064
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

Affected Packages:

libxcb

Issue Correction:
Run yum update libxcb or yum update --advisory ALAS-2014-405 to update your system.

New Packages:

i686:
    libxcb-debuginfo-1.8.1-1.15.amzn1.i686
    libxcb-devel-1.8.1-1.15.amzn1.i686
    libxcb-python-1.8.1-1.15.amzn1.i686
    libxcb-1.8.1-1.15.amzn1.i686

noarch:
    libxcb-doc-1.8.1-1.15.amzn1.noarch

src:
    libxcb-1.8.1-1.15.amzn1.src

x86_64:
    libxcb-1.8.1-1.15.amzn1.x86_64
    libxcb-devel-1.8.1-1.15.amzn1.x86_64
    libxcb-debuginfo-1.8.1-1.15.amzn1.x86_64
    libxcb-python-1.8.1-1.15.amzn1.x86_64

Additional References

Red Hat: CVE-2013-2064

Mitre: CVE-2013-2064