[Debian] High CVE: CVE-2023-43785/CVE-2023-43786/CVE-2023-43787 libx11

Bug #2038707 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Li Zhou
Milestone: (none)

Bug Description

CVE-2023-43785: https://nvd.nist.gov/vuln/detail/CVE-2023-43785

CVE-2023-43786: https://nvd.nist.gov/vuln/detail/CVE-2023-43786

CVE-2023-43787: https://nvd.nist.gov/vuln/detail/CVE-2023-43787

Base Score: High

Reference:

libx11-6_2:1.7.2-1+deb11u1_amd64.deb ===> libx11-6_2:1.7.2-1+deb11u2_amd64.deb
libx11-data_2:1.7.2-1+deb11u1_all.deb ===> libx11-data_2:1.7.2-1+deb11u2_all.deb
libx11-dev_2:1.7.2-1+deb11u1_amd64.deb ===> libx11-dev_2:1.7.2-1+deb11u2_amd64.deb
libx11-xcb1_2:1.7.2-1+deb11u1_amd64.deb ===> libx11-xcb1_2:1.7.2-1+deb11u2_amd64.deb

https://www.debian.org/security/2023/dsa-5517
https://www.tenable.com/plugins/nessus/182651

Li Zhou (lzhou2)
Changed in starlingx:
assignee: nobody → Li Zhou (lzhou2)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/898060

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/898060
Committed: https://opendev.org/starlingx/tools/commit/a5d801159325e1c8c7b9022fb7ab7fdde256c68d
Submitter: "Zuul (22348)"
Branch: master

commit a5d801159325e1c8c7b9022fb7ab7fdde256c68d
Author: Li Zhou <email address hidden>
Date: Fri Oct 6 23:15:23 2023 -0700

    Debian: libx11: fix multiple CVEs

    Upgrade libx11 related packages' version from 2:1.7.2-1+deb11u1
    to 2:1.7.2-1+deb11u2 to fix CVE-2023-43785/CVE-2023-43786/
    CVE-2023-43787.

    Test Plan:
     Pass: downloader
     Pass: build-pkgs --clean --all
     Pass: build-image
     Pass: boot

    Closes-bug: #2038707

    Signed-off-by: Li Zhou <email address hidden>
    Change-Id: Ifcc86a006497dad9b6f3450f82446121155085ff

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
