Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

X.Org X11 library: Denial of service — GLSA 202105-16

A vulnerability in X.Org X11 library could lead to a Denial of Service condition.

Affected packages

Package x11-libs/libX11 on all architectures
Affected versions < 1.7.1
Unaffected versions >= 1.7.1

Background

X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.

Description

It was discovered that XLookupColor() and other X.Org X11 library functions lacked proper validation of the length of their string parameters.

Impact

An attacker could emit arbitrary X protocol requests to the X server through malicious crafted string parameters in applications linked against X.Org X11 library.

Workaround

There is no known workaround at this time.

Resolution

All X.Org X11 library users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.7.1"

References

Release date
May 26, 2021

Latest revision
May 26, 2021: 1

Severity
low

Exploitable
remote

Bugzilla entries