GLSA Advocate
Posted: Wed May 26, 2021 10:26 pm Post subject: [ GLSA 202105-16 ] X.Org X11 library
Gentoo Linux Security Advisory
Title: X.Org X11 library: Denial of service (GLSA 202105-16)
Severity: low
Exploitable: remote
Date: 2021-05-26
Bug(s): #790824
ID: 202105-16
Synopsis
A vulnerability in X.Org X11 library could lead to a Denial of
Service condition.
Background
X.Org is an implementation of the X Window System. The X.Org X11 library
provides the X11 protocol library files.
Affected Packages
Package: x11-libs/libX11
Vulnerable: < 1.7.1
Unaffected: >= 1.7.1
Architectures: All supported architectures
Description
It was discovered that XLookupColor() and other X.Org X11 library
functions lacked proper validation of the length of their string
parameters.
Impact
An attacker could emit arbitrary X protocol requests to the X server
through maliciously crafted string parameters in applications linked
against X.Org X11 library.
Workaround
There is no known workaround at this time.
Resolution
All X.Org X11 library users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.7.1"
References
CVE-2021-31535
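
Added illustration, not part of the advisory or of libX11's code: the kind of missing string-length validation the Description refers to, next to the check that closes it. It assumes the string length is carried in a 16-bit protocol field, as in the core X11 requests that take a name; the struct and function names are hypothetical and the input is constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a string-carrying request (assumption, not libX11's structs). */
struct name_request {
    uint16_t name_len;   /* length the receiver will trust */
    size_t   bytes_sent; /* bytes the sender actually queues */
    int      ok;         /* 1 if the request may be sent, 0 if rejected */
};

/* Unvalidated pattern: size_t narrowed to 16 bits with no range check. */
struct name_request build_unchecked(const char *name)
{
    size_t n = strlen(name);
    struct name_request r = { (uint16_t)n, n, 1 };
    return r;
}

/* Validated pattern: reject a string that cannot fit the length field. */
struct name_request build_checked(const char *name)
{
    size_t n = strlen(name);
    struct name_request rejected = { 0, 0, 0 };
    struct name_request accepted = { (uint16_t)n, n, 1 };
    return n > USHRT_MAX ? rejected : accepted;
}

/* Constructed sample input: a string of n 'a' characters (capped at 70000). */
const char *sample_name(size_t n)
{
    static char buf[70001];
    if (n > sizeof buf - 1)
        n = sizeof buf - 1;
    memset(buf, 'a', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    struct name_request u = build_unchecked(sample_name(65548));
    printf("unchecked: header %u, sent %zu; checked ok=%d\n", (unsigned)u.name_len,
           u.bytes_sent, build_checked(sample_name(65548)).ok);
    return 0;
}
```

When the declared length and the bytes queued disagree, the receiver parses the surplus as whatever follows in the stream, which is why the validated form refuses the string before anything is sent.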