Lucene search

K
ubuntuUbuntuUSN-6407-2
HistoryOct 10, 2023 - 12:00 a.m.

libx11 vulnerabilities

2023-10-1000:00:00
ubuntu.com
26
ubuntu 14.04 lts
ubuntu 16.04 lts
ubuntu 18.04 lts
libx11
x11 client-side library
remote code execution
denial of service
xpm image files

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0

Percentile

5.1%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • libx11 - X11 client-side library

Details

USN-6407-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Gregory James Duck discovered that libx11 incorrectly handled certain
keyboard symbols. If a user were tricked into connecting to a malicious X
server, a remote attacker could use this issue to cause libx11 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-43785)

Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)

Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libx11 to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibx11-6< 2:1.6.4-3ubuntu0.4+esm2UNKNOWN
Ubuntu18.04noarchlibx11-6< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-6-dbgsym< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-6-udeb< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-data< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-dev< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-doc< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-xcb-dev< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-xcb1< 2:1.6.4-3ubuntu0.4UNKNOWN
Ubuntu18.04noarchlibx11-xcb1-dbgsym< 2:1.6.4-3ubuntu0.4UNKNOWN
Rows per page:
1-10 of 381

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0

Percentile

5.1%