Gentoo alert 202407-21 (X.Org X11 library)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202407-21 ] X.Org X11 library: Multiple Vulnerabilities | |
| Date: | Sat, 06 Jul 2024 06:46:56 -0000 | |
| Message-ID: | <172024841656.7.14401900242796042805@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: X.Org X11 library: Multiple Vulnerabilities Date: July 06, 2024 Bugs: #877461, #908549, #915129 ID: 202407-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Background ========== X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files. Affected packages ================= Package Vulnerable Unaffected --------------- ------------ ------------ x11-libs/libX11 < 1.8.7 >= 1.8.7 Description =========== Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All X.Org X11 library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7" References ========== [ 1 ] CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 [ 2 ] CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 [ 3 ] CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 [ 4 ] CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 [ 5 ] CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 [ 6 ] CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202407-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmaI6GAACgkQFMQkOaVy +9mz9Q/9HdHhp3ps5zgfZ6urBS9RdGmWrxOJarehXLtI/J3pfQYruF0VMEI9jNeE BiWiK45XlUtoefkFqjzEDzBmo4qSPnQnRPUnWB/d0hpixbpBf0+XQ1HNdaoIti5L R6oDsIuKk4HUnkb/k5FHTZ9yRiJOWQoDeTvzZVfsosIlB0lWle+DoU/Ud9rCveD0 sx08K4GR/JSYmRMT4XerHFXCy4ziGki/aXxkDyr3cn23DpjOY4UYHEAbUjAHmn6T W3dQl/HE6CT7V+3SK5JMlXrAPEyLrGbGYb+yhObg4lfweQMGrzGJft50NzSp0USe cvCKDIDbx3ovPJM/FKVTvy+tK3C8Hi7RGqBMhlxqXJNf+gTHuNvoSJUbb7Q7Glre /iuG59Zx7+4meZl2/Q+vyv2X63dcCWPCiZx7ZbJEJL/PKiGhNAW8X05vv8bvGQy2 N88Xhm9tLAqGMIzQn7CZh7n3iuXs24iunEv0y/xIsov34c7DX+ZgvQLUhvLIKz16 XSNmCgatKVWvDaZ9xs6IN7+Uw/Ud+Y7gwPf/xpFyni01HivWJ6nPvjYxxTXiRG3l oHQ17pHSwbDVxaJvIlmySB0L8FQ3c65/YT9haRtubveGxnJEWjgb6JaLBC9pJihT 1pOr/8gr49QMasoWP7l0CDFtqNrFhX3tQccm+fPqZbKmC5Y+G+s= =Rfmm -----END PGP SIGNATURE-----