libX11-1.7.0-9.el9

エラータID: AXSA:2024-8020:02

Release date: 
Thursday, May 30, 2024 - 18:44
Subject: 
libX11-1.7.0-9.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785)
* libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786)
* libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.4 Release Notes linked from the References section.

CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Solution: 

Update packages.

CVEs: 
CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Additional Info: 

N/A

Download: 

SRPMS
  1. libX11-1.7.0-9.el9.src.rpm
    MD5: 2142ab4c869271f528540f09061afb7d
    SHA-256: dfe8cd9d20196f51c113f6e57cf40d481e93fecbe100079ce5ace70bfef8f733
    Size: 2.31 MB

Asianux Server 9 for x86_64
  1. libX11-1.7.0-9.el9.i686.rpm
    MD5: 76fb684717df7b3a120ad9f7cfe6c5b7
    SHA-256: 815499293e9e582d38897b2ca0b819ea911ecb1a540c4aba79e9f211a3147faa
    Size: 667.50 kB
  2. libX11-1.7.0-9.el9.x86_64.rpm
    MD5: 93ddada055ce2f6b45dd1ac342b207d9
    SHA-256: 9d1d09f91e6d86a1966e5ca8702b17866233ebdf28b55c029e243fdb871c3b64
    Size: 645.55 kB
  3. libX11-common-1.7.0-9.el9.noarch.rpm
    MD5: 28224706b6c134a596d75594735dfb4b
    SHA-256: aae30a43ce112275fbf16aa3b62be103741f1cfbe9bdcb296fc36fbdfabaa49b
    Size: 150.70 kB
  4. libX11-devel-1.7.0-9.el9.i686.rpm
    MD5: 67a18d3a926ef226c7e2f8432e3fa36d
    SHA-256: 53c0cdd1b9f53d60bd79142a3f53618cd0702900dcdcef6aa03bb3f8baf23eb1
    Size: 938.90 kB
  5. libX11-devel-1.7.0-9.el9.x86_64.rpm
    MD5: 9319a8bab98deb7a4db22065e1092e1c
    SHA-256: 8512366f834d177a84c3356e6ab721263c6e8885bd807157a2b584a54b35e7e4
    Size: 938.89 kB
  6. libX11-xcb-1.7.0-9.el9.i686.rpm
    MD5: a7e696e4b061acdf63d2c6c8ed7f2a9d
    SHA-256: dece7e4abd0a7a632bb4acef33bcc3bc311088d3a5446ad8e452403863e09eb9
    Size: 9.92 kB
  7. libX11-xcb-1.7.0-9.el9.x86_64.rpm
    MD5: 86c27a02def8071de31b0ff8123a226f
    SHA-256: 7b8979c1fc152451aafbd542e05ff12ed55528e4c90ce513984292de2565ad5c
    Size: 9.90 kB