libX11-1.6.8-5.el8
Errata ID: AXSA:2021-2639:02
Release date:
2021/12/12 Sunday - 05:27
Title:
libX11-1.6.8-5.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
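The following items have been addressed.
[Security Fix]
- The XLookupColor request in LookupCol.c of libX11 has a flaw that allows an X client
to send a color-name request with a name longer than the maximum size allowed by the
protocol, and also longer than the maximum packet size. The X server interprets the
request data beyond the maximum size as additional X protocol requests, so an attacker
can execute arbitrary code.
(CVE-2021-31535)
Solution:
Update the packages.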
CVE:
CVE-2021-31535
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
Additional information:
N/A
Downloads:
SRPMS
- libX11-1.6.8-5.el8.src.rpm
MD5: c16b4ba1c037121fa213f0295c54f593
SHA-256: 3a9e32fbcf5f775e17a0e39718975615fcb1959671dce1755478320a0a3ae3e7
Size: 2.30 MB
Asianux Server 8 for x86_64
- libX11-1.6.8-5.el8.x86_64.rpm
MD5: 440c88d0580e6771c7a8acc973e6d38b
SHA-256: ab7add33fa5eba0160ffd46444673b27aa756355916c6f8e245befbccc37038a
Size: 610.07 kB
- libX11-common-1.6.8-5.el8.noarch.rpm
MD5: 277bdbc05d9c851f6a45846497dd334b
SHA-256: ff3554b5254fc82a394e997ce7e3611fa2b1f05965812ec6aec0b7ab9f1e072f
Size: 156.80 kB
- libX11-devel-1.6.8-5.el8.x86_64.rpm
MD5: d33395242c11c1895279a8383530792a
SHA-256: 39bce4d9bb3fed9a7b1f8058c7da6e1131bcb9b6a1c94c8af39f0b463a5b70c1
Size: 975.30 kB
- libX11-xcb-1.6.8-5.el8.x86_64.rpm
MD5: 865af9e6f18625b97436f3565538300d
SHA-256: c3b8f4844a16070789c0555a2be795455d55e744a873c309ef301e8a79faeb06
Size: 13.11 kB
- libX11-1.6.8-5.el8.i686.rpm
MD5: 329768a2ab344e5c2eb33cbb8b8f5e09
SHA-256: 198b4eecf2f35fca8e45a79c7d4915df03e7fce87dd4eebf06c017eee1fff029
Size: 638.19 kB
- libX11-devel-1.6.8-5.el8.i686.rpm
MD5: 20193fc3d3f21fdbc2992168dc878ebd
SHA-256: ab24c40e84bcb6ec97dc76d3954ff50e34f1121dc798306e06bc33e13d7eab9e
Size: 975.31 kB
- libX11-xcb-1.6.8-5.el8.i686.rpm
MD5: 99a05995ce33fc9cf6acc28f8073df56
SHA-256: 42769b3384fcfb9aa39c39586ccdf0fce8b441a7a52a6f307187d71cc93e987a
Size: 13.12 kB