Summary: | <x11-libs/libX11-1.8.2: memory leak | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
There is a follow-up patch: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=76d1cc3c1ce943c6ff81dc8c62a1d1b30fabf02e. Both libX11-1.7.5 and libX11-1.8.1 seem to already include these fixes.

CVE-2022-3554 (https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1d11822601fd24a396b354fa616b04ed3df8b4ef): A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability.

The first CVE is indeed fixed in 1.7.5 and 1.8.1, but *this* is the one that appears unreleased.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ad043d75ef1974c869c6e376d93dc9e7f4518860

commit ad043d75ef1974c869c6e376d93dc9e7f4518860
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-06 06:46:25 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-06 06:46:34 +0000

[ GLSA 202407-21 ] X.Org X11 library: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/877461
Bug: https://bugs.gentoo.org/908549
Bug: https://bugs.gentoo.org/915129
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202407-21.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)