An issue was discovered in libX11 through 1.6.5. Functions GetFPath.c:XGetFontPath, ListExt.c:XListExtensions and FontNames.c:XListFonts are vulnerable to an off-by-one error when parsing list of strings returned by malicious server responses, leading to DoS.
Created libX11 tracking bugs for this issue:
Affects: fedora-all [bug 1623251]
This issue did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.
Is the fix going to be ported to RHEL 7?
We suggest you to open a case with Support for these kind of questions.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2079 https://access.redhat.com/errata/RHSA-2019:2079
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):