libX11-1.7.0-8.el9

エラータID: AXSA:2023-6905:01

Release date: 
Tuesday, December 12, 2023 - 10:23
Subject: 
libX11-1.7.0-8.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow (CVE-2023-3138)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libX11-1.7.0-8.el9.src.rpm
    MD5: 67d9dc9cfeca280188a5bb760a87361c
    SHA-256: d37bdfcf65e7489762b41c3c92b282d790d3f7edeba8573fb907b2ce58ecbd4c
    Size: 2.31 MB

Asianux Server 9 for x86_64
  1. libX11-1.7.0-8.el9.i686.rpm
    MD5: 18cface1c8132b277a32776de43fd18d
    SHA-256: 994d76dea71e5e5eb7dea7dd5d58a393991ed54c09a7b881b9c51876604b03fb
    Size: 667.25 kB
  2. libX11-1.7.0-8.el9.x86_64.rpm
    MD5: 037c07c7d6e2cbd0b9ff3dcfdf637bb1
    SHA-256: 596f1da96828fc163c274301408c125b54ac2f953605e971a0801d35582abeea
    Size: 650.38 kB
  3. libX11-common-1.7.0-8.el9.noarch.rpm
    MD5: c463740033a3325d23d344ff5e7b5e5e
    SHA-256: d98a286055902a901940c639c873916f284b84f64950f918d93b035804616343
    Size: 150.64 kB
  4. libX11-devel-1.7.0-8.el9.i686.rpm
    MD5: e01c9ed643fabee1ec5ce36b0b4629d7
    SHA-256: c41c1cbbe14bb0a4729547c787ac3632628c7695755612cd561bc34764c2f6db
    Size: 938.82 kB
  5. libX11-devel-1.7.0-8.el9.x86_64.rpm
    MD5: 2376a2edd4609b273caddf6c49d834ef
    SHA-256: bb31ff0eb8a4bc2f4372104bebe06e28f42e35dabf2664664593e35226bac6e0
    Size: 938.98 kB
  6. libX11-xcb-1.7.0-8.el9.i686.rpm
    MD5: a90ae00588591e38d1f780fdb1d78052
    SHA-256: 1702ae3a37d6d52cb80e77e6edba0e79593df7377c19a54d075ae2cd6debdfb2
    Size: 9.75 kB
  7. libX11-xcb-1.7.0-8.el9.x86_64.rpm
    MD5: 9e35493150baa98a0865138d80938b30
    SHA-256: 70b0e5f9f96e7f6c1b89440dcc91e1060d611ec998a9794ee588e5d637a7dbc2
    Size: 9.73 kB