A vulnerability in X.Org X11 library could lead to a Denial of Service condition.
|Package||x11-libs/libX11 on all architectures|
|Affected versions||< 1.7.1|
|Unaffected versions||>= 1.7.1|
X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.
It was discovered that XLookupColor() and other X.Org X11 library functions lacked proper validation of the length of their string parameters.
An attacker could emit arbitrary X protocol requests to the X server through malicious crafted string parameters in applications linked against X.Org X11 library.
There is no known workaround at this time.
All X.Org X11 library users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.7.1"
May 26, 2021
May 26, 2021: 1