libX11-1.7.0-8.el9
エラータID: AXSA:2023-6905:01
リリース日:
2023/12/12 Tuesday - 10:23
題名:
libX11-1.7.0-8.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libX11 には、リクエストやイベント、エラーの ID の値を検証せず
に配列の要素として利用してしまう問題があるため、リモートの
攻撃者により、細工された X サーバーや中間プロキシサーバーから
の入力を介して、サービス拒否攻撃 (メモリ破壊およびクラッシュ
の発生) を可能とする脆弱性が存在します。(CVE-2023-3138)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
追加情報:
N/A
ダウンロード:
SRPMS
- libX11-1.7.0-8.el9.src.rpm
MD5: 67d9dc9cfeca280188a5bb760a87361c
SHA-256: d37bdfcf65e7489762b41c3c92b282d790d3f7edeba8573fb907b2ce58ecbd4c
Size: 2.31 MB
Asianux Server 9 for x86_64
- libX11-1.7.0-8.el9.i686.rpm
MD5: 18cface1c8132b277a32776de43fd18d
SHA-256: 994d76dea71e5e5eb7dea7dd5d58a393991ed54c09a7b881b9c51876604b03fb
Size: 667.25 kB - libX11-1.7.0-8.el9.x86_64.rpm
MD5: 037c07c7d6e2cbd0b9ff3dcfdf637bb1
SHA-256: 596f1da96828fc163c274301408c125b54ac2f953605e971a0801d35582abeea
Size: 650.38 kB - libX11-common-1.7.0-8.el9.noarch.rpm
MD5: c463740033a3325d23d344ff5e7b5e5e
SHA-256: d98a286055902a901940c639c873916f284b84f64950f918d93b035804616343
Size: 150.64 kB - libX11-devel-1.7.0-8.el9.i686.rpm
MD5: e01c9ed643fabee1ec5ce36b0b4629d7
SHA-256: c41c1cbbe14bb0a4729547c787ac3632628c7695755612cd561bc34764c2f6db
Size: 938.82 kB - libX11-devel-1.7.0-8.el9.x86_64.rpm
MD5: 2376a2edd4609b273caddf6c49d834ef
SHA-256: bb31ff0eb8a4bc2f4372104bebe06e28f42e35dabf2664664593e35226bac6e0
Size: 938.98 kB - libX11-xcb-1.7.0-8.el9.i686.rpm
MD5: a90ae00588591e38d1f780fdb1d78052
SHA-256: 1702ae3a37d6d52cb80e77e6edba0e79593df7377c19a54d075ae2cd6debdfb2
Size: 9.75 kB - libX11-xcb-1.7.0-8.el9.x86_64.rpm
MD5: 9e35493150baa98a0865138d80938b30
SHA-256: 70b0e5f9f96e7f6c1b89440dcc91e1060d611ec998a9794ee588e5d637a7dbc2
Size: 9.73 kB