Advisories » MGASA-2023-0287

Updated libX11 packages fix security vulnerabilities

Publication date: 13 Oct 2023
Modification date: 13 Oct 2023
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-43785, CVE-2023-43786, CVE-2023-43787

Description

A vulnerability was found in libX11 due to a boundary condition within
the _XkbReadKeySyms() function. This flaw allows a local user to trigger
an out-of-bounds read error and read the contents of memory on the
system. (CVE-2023-43785)

A vulnerability was found in libX11 due to an infinite loop within the
PutSubImage() function. This flaw allows a local user to consume all
available system resources and cause a denial of service condition.
(CVE-2023-43786)

A vulnerability was found in libX11 due to an integer overflow within
the XCreateImage() function. This flaw allows a local user to trigger an
integer overflow and execute arbitrary code with elevated privileges.
(CVE-2023-43787)
                

References

SRPMS

8/core

9/core