Opened 22 months ago

Closed 22 months ago

Last modified 20 months ago

#18174 closed enhancement (fixed)

libX11-1.8.6 (Xorg Library)

Reported by: Douglas R. Reno
Owned by: blfs-book
Priority: elevated
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Contains a fix for CVE-2023-3138:

X.Org Security Advisory: June 15, 2023

Buffer overflows in InitExt.c in libX11 prior to 1.8.6 [CVE-2023-3138]
======================================================================

The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check
that the values provided for the Request, Event, or Error IDs are
within the bounds of the arrays that those functions write to, using
those IDs as array indexes.  Instead they trusted that they were called
with values provided by an Xserver that was adhering to the bounds
specified in the X11 protocol, as all X servers provided by X.Org do.

As the protocol only specifies a single byte for these values, an
out-of-bounds value provided by a malicious server (or a malicious
proxy-in-the-middle) can only overwrite other portions of the Display
structure and not write outside the bounds of the Display structure
itself.  Testing has found it is possible to at least cause the client
to crash with this memory corruption.

This is fixed in:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
which is included in the libX11 1.8.6 release issued today.
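
The class of bug the advisory describes, as an added C example that is not libX11's code and not part of the ticket: a one-byte ID from the server indexes a table with fewer than 256 slots, so an unchecked store lands on neighbouring fields of the same structure. `struct mini_display`, `TABLE_SLOTS` and all function names are constructed for illustration; the out-of-range store is only computed, never performed.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SLOTS 128 /* constructed: fewer slots than the 256 values one byte can carry */

typedef int (*handler_fn)(int);

/* Constructed stand-in for a client-side connection structure: a handler
 * table indexed by a server-supplied ID, followed by unrelated state. */
struct mini_display {
    handler_fn event_vec[TABLE_SLOTS];
    handler_fn other_state[TABLE_SLOTS]; /* neighbours an out-of-range ID would hit */
    int fd;
};

/* Byte offset an unchecked `d->event_vec[id] = fn` would write to.
 * Computed only; the out-of-bounds store is never performed here. */
static size_t unchecked_write_offset(unsigned char id) {
    return offsetof(struct mini_display, event_vec) + (size_t)id * sizeof(handler_fn);
}

/* 1 if that offset is still inside event_vec, 0 if it is in a neighbouring field. */
static int lands_in_table(unsigned char id) {
    return unchecked_write_offset(id) <
           offsetof(struct mini_display, event_vec) + TABLE_SLOTS * sizeof(handler_fn);
}

/* Hardened setter: reject the ID before it is used as an index. */
static int set_event_handler(struct mini_display *d, unsigned char id, handler_fn fn) {
    if (id >= TABLE_SLOTS)
        return -1;
    d->event_vec[id] = fn;
    return 0;
}

static int demo_handler(int x) { return x; }

int main(void) {
    struct mini_display d = {0};
    const unsigned char ids[] = {0, 127, 128, 255}; /* constructed sample IDs */
    for (size_t i = 0; i < sizeof ids; i++)
        printf("id %3u: offset %4zu in_table=%d checked_set=%d\n", (unsigned)ids[i],
               unchecked_write_offset(ids[i]), lands_in_table(ids[i]),
               set_event_handler(&d, ids[i], demo_handler));
    return 0;
}
```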

Change History (7)

by Rahul Chandra, 22 months ago

Attachment: libX11-1.8.6.patch added

comment:1 by Rahul Chandra, 22 months ago

SBU and disk space didn't change much (about 60 kb on average and about .6 SBU for libX11 alone, still 2.1 on the whole). The tar is the same size and it builds fine on a fresh system. Here is a patch

in reply to:  1 ; comment:2 by Xi Ruoyao, 22 months ago

Replying to Rahul Chandra:

> SBU and disk space didn't change much (about 60 kb on average and about .6 SBU for libX11 alone, still 2.1 on the whole). The tar is the same size and it builds fine on a fresh system. Here is a patch

Generally you can skip SBU & disk usage measurement unless there is some reason to expect they'll change significantly. During the full-book test before making a release, all SBU & disk usage will be remeasured.

in reply to:  2 comment:3 by Bruce Dubbs, 22 months ago

Replying to Xi Ruoyao:

> Generally you can skip SBU & disk usage measurement unless there is some reason to expect they'll change significantly. During the full-book test before making a release, all SBU & disk usage will be remeasured.

That's true for pages like xorg libs, kf5, etc, but for most packages, I update, or at least check SBU and disk space for every package update. For point releases, I sometimes omit changing the stats for the tests.

comment:4 by Xi Ruoyao, 22 months ago

I've verified the change and pushed it into trunk at r11.3-752-g677cf19bdf.

The ticket is left open for a security advisory.

comment:5 by pierre, 22 months ago

Resolution: fixed
Status: new → closed

Advisory done at commit 7ba24f2 in the www repo.

comment:6 by Bruce Dubbs, 20 months ago

Milestone: 11.4 → 12.0

Milestone renamed
