UbuntuUpdates.org

Package "libx11-data"

Name: libx11-data

Description:

X11 client-side library

Latest version: 2:1.6.9-2ubuntu1.6
Release: focal (20.04)
Level: security
Repository: main
Head package: libx11

Links


Download "libx11-data"


Other versions of "libx11-data" in Focal

Repository Area Version
base main 2:1.6.9-2ubuntu1
updates main 2:1.6.9-2ubuntu1.6

Changelog

Version: 2:1.6.9-2ubuntu1.6 2023-10-03 19:10:09 UTC

  libx11 (2:1.6.9-2ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds memory access in _XkbReadKeySyms()
    - d/p/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
    - CVE-2023-43785
  * SECURITY UPDATE: stack exhaustion from infinite recursion in
    PutSubImage()
    - d/p/0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
    - d/p/0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
    - CVE-2023-43786
  * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
    overflow
    - d/p/0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
    - d/p/0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
    - CVE-2023-43787

 -- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 15:14:49 -0400

Source diff to previous version
CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
CVE-2023-43787 ibX11: integer overflow in XCreateImage() leading to a heap overflow

Version: 2:1.6.9-2ubuntu1.5 2023-06-15 18:07:00 UTC

  libx11 (2:1.6.9-2ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: multiple buffer overflows
    - debian/patches/CVE-2023-3138.patch: add bounds checks for extension
      request, event, & error codes in src/InitExt.c.
    - CVE-2023-3138
  * This update does _not_ contain the changes from 2:1.6.9-2ubuntu1.3 in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 07:26:48 -0400

Source diff to previous version

Version: 2:1.6.9-2ubuntu1.2 2021-05-25 18:06:32 UTC

  libx11 (2:1.6.9-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: extra X protocol requests via unchecked string lengths
    - debian/patches/CVE-2021-31535.patch: reject strings longer than
      USHRT_MAX before sending them on the wire in src/Font.c,
      src/FontInfo.c, src/FontNames.c, src/GetColor.c, src/LoadFont.c,
      src/LookupCol.c, src/ParseCol.c, src/QuExt.c, src/SetFPath.c,
      src/SetHints.c, src/StNColor.c, src/StName.c .
    - CVE-2021-31535

 -- Marc Deslauriers <email address hidden> Wed, 19 May 2021 13:07:18 -0400

Source diff to previous version

Version: 2:1.6.9-2ubuntu1.1 2020-09-02 14:06:23 UTC

  libx11 (2:1.6.9-2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow and heap overflow in XIM client
    - debian/patches/CVE-2020-14344-1.patch: fix signed length values in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-2.patch: fix integer overflows in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-3.patch: fix more unchecked lengths in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-4.patch: zero out buffers in functions
      in modules/im/ximcp/imDefIc.c, modules/im/ximcp/imDefIm.c.
    - debian/patches/CVE-2020-14344-5.patch: change the data_len parameter
      to CARD16 in modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-6.patch: fix size calculation in
      modules/im/ximcp/imRmAttr.c.
    - debian/patches/CVE-2020-14344-7.patch: fix input clients connecting
      to server in modules/im/ximcp/imRmAttr.c.
    - CVE-2020-14344
  * SECURITY UPDATE: integer overflow and double free in locale handling
    - debian/patches/CVE-2020-14363.patch: fix an integer overflow in
      modules/om/generic/omGeneric.c.
    - CVE-2020-14363

 -- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 11:51:55 -0400

CVE-2020-14344 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. A
CVE-2020-14363 Double free in libX11 locale handling code



About   -   Send Feedback to @ubuntu_updates