[Debian] High CVE: CVE-2023-3138: libx11: a buffer overflow

Bug #2025014 reported by Yue Tao
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Peng Zhang
Milestone: (none)

Bug Description

CVE-2023-3138: https://nvd.nist.gov/vuln/detail/CVE-2023-3138

libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow

Base Score: High (Tenable)

https://www.debian.org/security/2023/dsa-5433

https://www.tenable.com/plugins/nessus/177478

['libx11-6_2:1.7.2-1_amd64.deb===>libx11-6_2:1.7.2-1+deb11u1_amd64.deb', 'libx11-data_2:1.7.2-1_all.deb===>libx11-data_2:1.7.2-1+deb11u1_all.deb']

Yue Tao (wrytao)
tags: added: stx.9.0 stx.security
Peng Zhang (pzhang2)
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
status: Triaged → In Progress
Ghada Khalil (gkhalil) wrote:
Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
