| Summary: | <x11-libs/libX11-1.7.1: missing request length checks (CVE-2021-31535) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | atoth, x11 |
| Priority: | Normal | Flags: | nattka: sanity-check- |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A2 [glsa+ cve] | | |
| Package list: | x11-libs/libX11-1.7.1, x11-misc/compose-tables-1.7.1 | | |
| Runtime testing required: | --- | | |
Description

Sam James
2021-05-18 15:10:24 UTC

Missing request length checks in libX11
=======================================

CVE-2021-31535

XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the emission of extra X protocol requests to the X server.

Patch
-----

A patch for XLookupColor() and other potentially vulnerable functions has been committed to libX11. libX11 1.7.1 will be released shortly and contains a fix for this issue.

https://gitlab.freedesktop.org/xorg/lib/libx11
commit: 8d2e02ae650f00c4a53deb625211a0527126c605
Reject string longer than USHRT_MAX before sending them on the wire

XTerm version 367 contains extra validation for the length of color names passed to XLookupColor() from terminal control sequences. XTerm version 366 and earlier are vulnerable.

Tests conducted by Roman Fiedler on other terminal emulator applications have not found other cases of passing unchecked color names to XLookupColor().

Thanks
======

This vulnerability has been discovered by Roman Fiedler from Unparalleled IT Services e.U.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c67547773c3ff747213bf9c464273f1030ed27a8

commit c67547773c3ff747213bf9c464273f1030ed27a8
Author: Piotr Karbowski <slashbeast@gentoo.org>
AuthorDate: 2021-05-18 16:47:15 +0000
Commit: Piotr Karbowski <slashbeast@gentoo.org>
CommitDate: 2021-05-18 16:47:15 +0000

    x11-libs/libX11: 1.7.1 version bump.

    Bug: https://bugs.gentoo.org/790824
    Signed-off-by: Piotr Karbowski <slashbeast@gentoo.org>

 x11-libs/libX11/Manifest            |  1 +
 x11-libs/libX11/libX11-1.7.1.ebuild | 39 +++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

sparc stable

amd64 done

x86 done

arm64 done

arm done

New GLSA request filed.

ppc64 done

This issue was resolved and addressed in GLSA 202105-16 at https://security.gentoo.org/glsa/202105-16 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

ppc done

all arches done

Please cleanup.

Unable to check for sanity:
> no match for package: x11-libs/libX11-1.7.1

Cleaned. Thanks, all done!
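As an added illustration of the mechanism the advisory above describes (this is example code, not libX11's or Gentoo's own): a constructed request header with a 16-bit length field, the unchecked encoding that silently wraps a long color name's length so that the trailing bytes would be read by the server as further requests, and a check in the spirit of the 1.7.1 fix that rejects strings longer than USHRT_MAX before any request is built. The struct layout and all function names are assumptions for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed header modelled on the X LookupColor request (assumed layout,
 * not the libX11 definition): the color-name length travels in a 16-bit
 * field, so 65536 or more bytes cannot be represented faithfully. */
typedef struct { uint16_t nbytes; } lookup_color_hdr;

/* Unchecked encoding, as before the fix: the length is cast into the 16-bit
 * field and silently wraps modulo 65536. Returns what the server would trust. */
uint16_t declared_len_unchecked(size_t name_len)
{
    lookup_color_hdr hdr;
    hdr.nbytes = (uint16_t)name_len;
    return hdr.nbytes;
}

/* Bytes sent after the declared length but not covered by it: the server
 * parses them as further requests, the effect named in the advisory. */
size_t unattributed_bytes(size_t name_len)
{
    return name_len - declared_len_unchecked(name_len);
}

/* Hardened encoding in the spirit of the libX11 1.7.1 fix: refuse to build the
 * request when the string is longer than USHRT_MAX, before anything is sent. */
bool encode_checked(const char *name, lookup_color_hdr *out)
{
    size_t len = strlen(name);
    if (len > USHRT_MAX) return false;  /* caller reports failure, nothing on the wire */
    out->nbytes = (uint16_t)len;
    return true;
}

/* Test helper: build a constructed color name of the given length and report
 * whether the checked encoder accepts it. */
bool name_of_length_accepted(size_t len)
{
    char *name = malloc(len + 1);
    if (!name) return false;
    memset(name, 'a', len);
    name[len] = '\0';
    lookup_color_hdr hdr;
    bool ok = encode_checked(name, &hdr);
    free(name);
    return ok;
}
```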