libX11-1.6.7-4.el7
エラータID: AXSA:2021-2389:01
リリース日:
2021/08/30 Monday - 12:47
題名:
libX11-1.6.7-4.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libX11 の LookupCol.c 内の XLookupColor リクエストには、X クライアントが色名
称のリクエストをプロトコルが許可している最大サイズよりも長く、またパケットの最
大サイズよりも長い名前で送信できてしまう問題があり、X サーバーは最大サイズを超
えたリクエストデータを追加の X プロトコルとして解釈するため、攻撃者が任意のコー
ドを実行できる脆弱性があります。(CVE-2021-31535)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-31535
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
追加情報:
N/A
ダウンロード:
SRPMS
- libX11-1.6.7-4.el7.src.rpm
MD5: 7fd8be938bab9801224274ec8ba35401
SHA-256: 53ba51d4d918a5a037dd0c41bb5f4f765db7f7a33c0551fa94f9acec1bac3981
Size: 2.21 MB
Asianux Server 7 for x86_64
- libX11-1.6.7-4.el7.x86_64.rpm
MD5: fea571263e95c56bfcd99bd037421bab
SHA-256: f1b66e25ee49a5d4ac1cbcaa6ddbb6adccdd7df46995bb7fe01dfc504703e447
Size: 606.16 kB - libX11-common-1.6.7-4.el7.noarch.rpm
MD5: ebfa3e4c6c6cfeedc1a8a9f84f0325a8
SHA-256: 05078ae0d9c06f78768a8ba75952c4bc14106c0076f62c8551bb50a25bfbc196
Size: 163.48 kB - libX11-devel-1.6.7-4.el7.x86_64.rpm
MD5: 2dddd76452e8b290599eb14b46ab427e
SHA-256: e91d14daae027c56ea7b01f8744953873bbd394181ce7e13ebc6ae154117c1ac
Size: 0.96 MB - libX11-1.6.7-4.el7.i686.rpm
MD5: 6e7439c78f20e579476ab0e7125ca1f2
SHA-256: 9d39c6ca36840f297808353c11f0ee712f2ca8b975811ac3164f92d295d9629b
Size: 610.49 kB - libX11-devel-1.6.7-4.el7.i686.rpm
MD5: e1b51815e459ccba281bf8bc94ed177f
SHA-256: d161aca9e7c0401b7db61cc4e7adc65d8ec7b29f7b97168e851797b264b501eb
Size: 0.96 MB
English