libX11-1.6.8-8.el8

エラータID: AXSA:2024-8318:03

Release date: 
Monday, June 17, 2024 - 19:26
Subject: 
libX11-1.6.8-8.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785)
* libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786)
* libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Solution: 

Update packages.

CVEs: 
CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Additional Info: 

N/A

Download: 

SRPMS
  1. libX11-1.6.8-8.el8.src.rpm
    MD5: cd27d559c3b8b17d1c34ad4badf68b0f
    SHA-256: d4e90010eb8dbd30ef35224fc3b71c84842e2b15a41595beac434d59fabd24de
    Size: 2.30 MB

Asianux Server 8 for x86_64
  1. libX11-1.6.8-8.el8.i686.rpm
    MD5: 1c6df095b4371b6e9360d5282bad04dd
    SHA-256: 3e2a8891ea4e1d23649191603c5a793f875365c1aecca42d02b6dc5ec97a220e
    Size: 638.92 kB
  2. libX11-1.6.8-8.el8.x86_64.rpm
    MD5: 956d9304d298ef0ad208c9a8eff74c8b
    SHA-256: 205188fc6be0010220967b9b7d167b2fb56b3b47d37ec9f1db653a70948ceb84
    Size: 610.72 kB
  3. libX11-common-1.6.8-8.el8.noarch.rpm
    MD5: 496def0af5fee9c83c84518188493bf8
    SHA-256: 3cb296ca39335a44a475a0e69837320ed58bbc4168245c6f4868ea64a936c0ab
    Size: 157.18 kB
  4. libX11-devel-1.6.8-8.el8.i686.rpm
    MD5: 3eb43a1b374a07c57ff264c05ce9f59c
    SHA-256: 2bf88388cbe1f83763d516e5d22c2b445dcc2cc166912dd5b24b52664843d99a
    Size: 975.85 kB
  5. libX11-devel-1.6.8-8.el8.x86_64.rpm
    MD5: 5092799954be33cf6cef811715e555e3
    SHA-256: 22aef4affca7370f4524eceda9889f530dcc3a2f707c1286c11d23e837ca3cb2
    Size: 975.67 kB
  6. libX11-xcb-1.6.8-8.el8.i686.rpm
    MD5: 3b24200aef40e9a059d9aebca9a0c4f2
    SHA-256: 89a07485662c07c55ad4d44f0ff51fd16897c5920fd121da997d48769d059ef8
    Size: 13.51 kB
  7. libX11-xcb-1.6.8-8.el8.x86_64.rpm
    MD5: 081f10f0feaa4a0e2613a6890d380ede
    SHA-256: fd0493f4bbd005b9709e919cda51edb771904c1a9682287cc7d4a721c250d39a
    Size: 13.50 kB