Lucene search
AlmaLinuxALSA-2024:2973HistoryMay 22, 2024 - 12:00 a.m.
Moderate: libX11 security update
2024-05-2200:00:00
errata.almalinux.org
1
libx11
protocol client library
security fix
out-of-bounds memory access
stack exhaustion
integer overflow
cve-2023-43785
cve-2023-43786
cve-2023-43787
xcreateimage
putsubimage
almalinux
release notes
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The libX11 packages contain the core X11 protocol client library.
Security Fix(es):
- libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785)
- libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786)
- libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | noarch | libx11-common | < 1.6.8-8.el8 | libX11-common-1.6.8-8.el8.noarch.rpm |
| almalinux | 8 | i686 | libx11 | < 1.6.8-8.el8 | libX11-1.6.8-8.el8.i686.rpm |
| almalinux | 8 | i686 | libx11-xcb | < 1.6.8-8.el8 | libX11-xcb-1.6.8-8.el8.i686.rpm |
| almalinux | 8 | i686 | libx11-devel | < 1.6.8-8.el8 | libX11-devel-1.6.8-8.el8.i686.rpm |
| almalinux | 8 | x86_64 | libx11-devel | < 1.6.8-8.el8 | libX11-devel-1.6.8-8.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libx11-xcb | < 1.6.8-8.el8 | libX11-xcb-1.6.8-8.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | libx11 | < 1.6.8-8.el8 | libX11-1.6.8-8.el8.x86_64.rpm |
| almalinux | 8 | aarch64 | libx11 | < 1.6.8-8.el8 | libX11-1.6.8-8.el8.aarch64.rpm |
| almalinux | 8 | aarch64 | libx11-devel | < 1.6.8-8.el8 | libX11-devel-1.6.8-8.el8.aarch64.rpm |
| almalinux | 8 | aarch64 | libx11-xcb | < 1.6.8-8.el8 | libX11-xcb-1.6.8-8.el8.aarch64.rpm |
References
Related
openvas
openvas
Huawei EulerOS: Security Advisory for libX11 (EulerOS-SA-2024-1065)
2024-01-09 00:00:00
Huawei EulerOS: Security Advisory for libX11 (EulerOS-SA-2023-3342)
2023-12-12 00:00:00
Ubuntu: Security Advisory (USN-6407-1)
2023-10-04 00:00:00
nessus
nessus
RHEL 9 : libX11 (RHSA-2024:2145)
2024-04-30 00:00:00
Oracle Linux 9 : libX11 (ELSA-2024-2145)
2024-05-06 00:00:00
EulerOS Virtualization 3.0.6.0 : libX11 (EulerOS-SA-2024-1690)
2024-05-17 00:00:00
slackware
slackware
[slackware-security] libX11
2023-10-03 22:25:17
cloudfoundry
cloudfoundry
USN-6407-1: libx11 vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
USN-6407-2: libx11 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6408-1: libXpm vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
mageia
mageia
Updated libX11 packages fix security vulnerabilities
2023-10-14 01:56:51
ubuntu
ubuntu
libx11 vulnerabilities
2023-10-10 00:00:00
libx11 vulnerabilities
2023-10-03 00:00:00
libXpm vulnerabilities
2023-10-03 00:00:00
osv
osv
libx11 vulnerabilities
2023-10-10 14:35:08
libx11 - security update
2023-10-05 00:00:00
Moderate: libX11 security update
2024-05-22 00:00:00
redhat
redhat
(RHSA-2024:2973) Moderate: libX11 security update
2024-05-22 06:35:14
(RHSA-2024:2145) Moderate: libX11 security update
2024-04-30 06:14:52
debian
debian
[SECURITY] [DLA 3602-1] libx11 security update
2023-10-05 10:39:13
[SECURITY] [DSA 5517-1] libx11 security update
2023-10-05 18:18:00
[SECURITY] [DLA 3603-1] libxpm security update
2023-10-05 11:09:57
redos
redos
ROS-20231018-04
2023-10-18 00:00:00
oraclelinux
oraclelinux
libX11 security update
2024-05-23 00:00:00
libX11 security update
2024-05-02 00:00:00
freebsd
freebsd
11/libX11 multiple vulnerabilities
2023-09-22 00:00:00
almalinux
almalinux
Moderate: libX11 security update
2024-04-30 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0112
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0486
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0668
2023-10-12 00:00:00
amazon
amazon
fedora
fedora
[SECURITY] Fedora 39 Update: libX11-1.8.7-1.fc39
2023-10-07 03:24:34
[SECURITY] Fedora 39 Update: libXpm-3.5.17-1.fc39
2023-11-03 18:53:48
redhatcve
redhatcve
prion
prion
Out-of-bounds
2023-10-10 13:15:00
Integer overflow
2023-10-10 13:15:00
Race condition
2023-10-10 13:15:00
veracode
veracode
Denial Of Service (DoS) Through Infinite Loop
2023-10-12 07:21:34
Integer Overflow
2023-10-12 07:01:18
Out-of-bounds Read
2023-10-12 09:36:29
cbl_mariner
cbl_mariner
CVE-2023-43786 affecting package libX11 for versions less than 1.8.7-1
2023-11-08 02:07:28
CVE-2023-43785 affecting package libX11 for versions less than 1.8.7-1
2023-11-08 02:07:28
CVE-2023-43787 affecting package libX11 for versions less than 1.8.7-1
2023-11-08 02:07:28
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
cvelist
cvelist
alpinelinux
alpinelinux
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in X.Org Libx11
2024-01-16 20:04:05
nvd
nvd
vulnrichment
vulnrichment
CVE-2023-43785 Libx11: out-of-bounds memory access in _xkbreadkeysyms()
2023-10-10 12:26:02
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-02-02 14:30:02
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for ALSA-2024:2973