Slackware Linux Project, SSA-2023-276-01
Oct 03, 2023 - 10:25 p.m.

[slackware-security] libX11

Published: 2023-10-03 22:25:17
Source: Slackware Linux Project (www.slackware.com)

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0 (Percentile: 5.1%)

New libX11 packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/libX11-1.8.7-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
libX11: out-of-bounds memory access in _XkbReadKeySyms().
libX11: stack exhaustion from infinite recursion in PutSubImage().
libX11: integer overflow in XCreateImage() leading to a heap overflow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://vulners.com/cve/CVE-2023-43785
https://vulners.com/cve/CVE-2023-43786
https://vulners.com/cve/CVE-2023-43787
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libX11-1.8.7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libX11-1.8.7-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libX11-1.8.7-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libX11-1.8.7-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libX11-1.8.7-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libX11-1.8.7-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libX11-1.8.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libX11-1.8.7-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libX11-1.8.7-x86_64-1.txz

MD5 signatures:


Installation instructions:

Upgrade the package as root:
> upgradepkg libX11-1.8.7-i586-1_slack15.0.txz
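
The upgrade step above can be gated on the MD5 signature the advisory publishes for the package. The following is an added example, not part of the original advisory; `verify_pkg_md5` and `safe_upgrade` are hypothetical helper names, and the expected digest is supplied by the caller from the advisory's MD5 signatures list.

```shell
#!/bin/sh
# Added example: check a downloaded Slackware package against its published
# MD5 signature before handing it to upgradepkg.
# verify_pkg_md5 and safe_upgrade are hypothetical helper names.
# Note: MD5 catches corrupted or truncated downloads; it is not
# collision-resistant, so treat it as an integrity check only.

# verify_pkg_md5 <expected-md5> <package-file>
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_pkg_md5() {
    # Normalise the expected digest to lower case
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    pkg=$2

    # An MD5 digest is exactly 32 hex characters; reject anything else
    case $expected in
        *[!0-9a-f]*|'') echo "invalid MD5 value" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "invalid MD5 length" >&2; return 2; }
    [ -f "$pkg" ] || { echo "no such file: $pkg" >&2; return 2; }

    # md5sum prints "<digest>  <name>"; keep only the digest
    actual=$(md5sum < "$pkg" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $pkg: got $actual" >&2
    return 1
}

# safe_upgrade <expected-md5> <package-file>
# Runs upgradepkg (as root) only when the digest matches.
safe_upgrade() {
    verify_pkg_md5 "$1" "$2" && upgradepkg "$2"
}
```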
