What Are You Looking For?

Sign Up
MGASA-2023-0287 - Updated libX11 packages fix security vulnerabilities

Publication date: 13 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0287.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-43785,
     CVE-2023-43786,
     CVE-2023-43787

A vulnerability was found in libX11 due to a boundary condition within
the _XkbReadKeySyms() function. This flaw allows a local user to trigger
an out-of-bounds read error and read the contents of memory on the
system. (CVE-2023-43785)

A vulnerability was found in libX11 due to an infinite loop within the
PutSubImage() function. This flaw allows a local user to consume all
available system resources and cause a denial of service condition.
(CVE-2023-43786)

A vulnerability was found in libX11 due to an integer overflow within
the XCreateImage() function. This flaw allows a local user to trigger an
integer overflow and execute arbitrary code with elevated privileges.
(CVE-2023-43787)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32358
- https://www.openwall.com/lists/oss-security/2023/10/03/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787

SRPMS:
- 9/core/libx11-1.8.6-1.1.mga9
- 8/core/libx11-1.7.0-1.5.mga8

Mageia 2023-0287: libX11 security update

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function

Summary

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. (CVE-2023-43785)
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. (CVE-2023-43786)
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. (CVE-2023-43787)

References

- https://bugs.mageia.org/show_bug.cgi?id=32358

- https://www.openwall.com/lists/oss-security/2023/10/03/1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43785

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43786

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787

Resolution

MGASA-2023-0287 - Updated libX11 packages fix security vulnerabilities

SRPMS

- 9/core/libx11-1.8.6-1.1.mga9

- 8/core/libx11-1.7.0-1.5.mga8

Severity
Publication date: 13 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0287.html
Type: security
CVE: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787

Related News

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

The Rust Foundation to Develop Training and Certification Program

Dec 3, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo