libX11-1.6.8-6.el8
Errata ID: AXSA:2023-7235:02
Release date:
2023/12/25 Monday - 09:39
Title:
libX11-1.6.8-6.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
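The following issues have been addressed.
[Security Fix]
- libX11 does not validate request, event, and error ID values before
using them as array indexes. This vulnerability allows a remote
attacker to cause a denial of service (memory corruption and a crash)
via input from a crafted X server or an intermediary proxy server.
(CVE-2023-3138)
Solution:
Update the packages.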
CVE:
CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
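Added example (not libX11 code and not part of this advisory): a simplified C model of the pattern described above, showing where a one-byte ID lands when it is used as an index, with the unchecked setter beside a bounds-checked one. The structure layout, the 128-slot table size and every name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define EVENT_SLOTS 128                 /* assumed table size for this model */
typedef int (*handler_fn)(void);

/* Simplified stand-in for a client-side display structure (not libX11's layout). */
struct model_display {
    handler_fn event_vec[EVENT_SLOTS];  /* indexed by the event ID */
    handler_fn neighbours[EVENT_SLOTS]; /* stands in for the fields that follow */
};

enum landing { IN_TABLE, IN_STRUCT_PAST_TABLE, OUTSIDE_STRUCT };

/* Where would event_vec[id] land? Pure offset arithmetic, no memory access. */
enum landing classify_index(unsigned int id)
{
    size_t end = offsetof(struct model_display, event_vec)
               + ((size_t)id + 1) * sizeof(handler_fn);
    if (id < EVENT_SLOTS) return IN_TABLE;
    return end <= sizeof(struct model_display) ? IN_STRUCT_PAST_TABLE : OUTSIDE_STRUCT;
}

/* 'Before' pattern: the server-supplied ID is trusted as an index. */
handler_fn set_handler_unchecked(struct model_display *d, int id, handler_fn fn)
{
    handler_fn old = d->event_vec[id];  /* no bounds check */
    d->event_vec[id] = fn;
    return old;
}

/* Hardened pattern: validate the ID before it is used as an index. */
int set_handler_checked(struct model_display *d, int id, handler_fn fn)
{
    if (id < 0 || id >= EVENT_SLOTS)
        return -1;                      /* reject, leave the structure untouched */
    d->event_vec[id] = fn;
    return 0;
}

static int sample_handler(void) { return 1; }  /* constructed handler for the demo */

int main(void)
{
    static struct model_display d;
    printf("id 200 lands: %d\n", classify_index(200));  /* past the table */
    printf("checked(200): %d\n", set_handler_checked(&d, 200, sample_handler));
    return 0;
}
```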
Additional information:
N/A
Download:
SRPMS
- libX11-1.6.8-6.el8.src.rpm
MD5: 42f5d5f8040abb299e5a38c60b4e3dc6
SHA-256: 4600d111574ed4aed502235715a98185f028c68053682908bfc4380c3af00f3d
Size: 2.30 MB
Asianux Server 8 for x86_64
- libX11-1.6.8-6.el8.i686.rpm
MD5: 5df404b0aff5549a056170e964e3dd6b
SHA-256: 9f56790cf4e6dd68c1f37b6ec1c5a708169bd9501c8916e5dcb11cb21f2034d0
Size: 638.22 kB
- libX11-1.6.8-6.el8.x86_64.rpm
MD5: 0d72045384434cbb85c5e37b3ca05ad2
SHA-256: ee9e3d25d238ade86e67ba1e90e3608f530b40f343f55a5c2e3609f8b6eda3e6
Size: 610.22 kB
- libX11-common-1.6.8-6.el8.noarch.rpm
MD5: 12bc016da56ee94e7e9ef73f1806a818
SHA-256: 0967eb5fe5526751ae691d51e04f944230c5b4cf6f48a452277c4b26bc227165
Size: 156.77 kB
- libX11-devel-1.6.8-6.el8.i686.rpm
MD5: bf8ae3f8ceec9e14d35d85e86d89584c
SHA-256: f98720fb5a7eb86d7787ad8c8174806b7bf191d88ecb0de2193fadc6297e898d
Size: 975.40 kB
- libX11-devel-1.6.8-6.el8.x86_64.rpm
MD5: 8a11bb4635fbdebd4646a38fd7007ecc
SHA-256: 079d21836a54b4cb1cec3ae7e10bc80994114d3237fde88bbfdd6f3cffb1f557
Size: 975.41 kB
- libX11-xcb-1.6.8-6.el8.i686.rpm
MD5: 89c5302715db2cc55bcd4160ae529eb2
SHA-256: c8f860d34584dd45e1e8930c51fd437850b3e3dbc404a5a949d274d7decddc82
Size: 13.11 kB
- libX11-xcb-1.6.8-6.el8.x86_64.rpm
MD5: 1ab9bce3225d02ef2a5a26afdde03f1f
SHA-256: 551573e81e51b3c27377012e60129bf2deeb162740e7a21bce2ae2ae8239ec1a
Size: 13.09 kB