X.Org libX11 输入验证错误漏洞

admin

0
文章

0
评论

2023-12-01 14:27:51 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 X.Org libX11 输入验证错误漏洞

CVE编号

CVE-2021-31535

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-05-27

漏洞描述

X.Org libX11是X.Org（X.org）基金会的一个X11（X Window系统）客户端库。 libX11 存在安全漏洞，该漏洞源于XLookupColor和其他X库函数缺乏对其字符串参数长度的适当验证。

解决建议

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：https://gitlab.freedesktop.org/xorg/lib/libx11

参考链接
http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-...
http://seclists.org/fulldisclosure/2021/May/52
http://www.openwall.com/lists/oss-security/2021/05/18/2
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53de...
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee...
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee...
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af...
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af...
https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.freedesktop.org/archives/xorg/
https://lists.x.org/archives/xorg-announce/2021-May/003088.html
https://security.gentoo.org/glsa/202105-16
https://security.netapp.com/advisory/ntap-20210813-0001/
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-c...
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://www.debian.org/security/2021/dsa-4920
https://www.openwall.com/lists/oss-security/2021/05/18/2
https://www.openwall.com/lists/oss-security/2021/05/18/3

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	x.org	libx11	*		Up to (excluding) 1.7.1
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	libX11-devel	*		Up to (excluding) 1.6.7-4.1.al7
	运行在以下环境
	系统	alpine_3.10	libx11	*		Up to (excluding) 1.6.12-r1
	运行在以下环境
	系统	alpine_3.11	libx11	*		Up to (excluding) 1.6.12-r1
	运行在以下环境
	系统	alpine_3.12	libx11	*		Up to (excluding) 1.6.12-r1
	运行在以下环境
	系统	alpine_3.13	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_3.14	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_3.15	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_3.16	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_3.17	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_3.18	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	alpine_edge	libx11	*		Up to (excluding) 1.7.1-r0
	运行在以下环境
	系统	amazon_2	libX11	*		Up to (excluding) 1.6.7-3.amzn2.0.2
	运行在以下环境
	系统	amazon_AMI	libX11	*		Up to (excluding) 1.6.0-2.2.14.amzn1
	运行在以下环境
	系统	centos_7	libX11	*		Up to (excluding) 1.6.7-4.el7_9
	运行在以下环境
	系统	centos_8	libX11-common	*		Up to (excluding) 1.6.8-5.el8
	运行在以下环境
	系统	debian_10	libx11	*		Up to (excluding) 2:1.6.7-1+deb10u2
	运行在以下环境
	系统	debian_11	libx11	*		Up to (excluding) 2:1.7.1-1
	运行在以下环境
	系统	debian_12	libx11	*		Up to (excluding) 2:1.7.1-1
	运行在以下环境
	系统	debian_9	libx11	*		Up to (excluding) 2:1.6.4-3+deb9u4
	运行在以下环境
	系统	debian_sid	libx11	*		Up to (excluding) 2:1.7.1-1
	运行在以下环境
	系统	fedora_33	libX11-debugsource	*		Up to (excluding) 1.7.2-3.fc33
	运行在以下环境
	系统	opensuse_Leap_15.2	libX11-data	*		Up to (excluding) 6-1.6.5-lp152.5.15.1
	运行在以下环境
	系统	opensuse_Leap_15.3	libX11-data	*		Up to (excluding) 1.6.5-3.21.1
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 1.6.7-4.el7_9
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.6.8-5.el8
	运行在以下环境
	系统	redhat_7	libX11	*		Up to (excluding) 1.6.7-4.el7_9
	运行在以下环境
	系统	redhat_8	libX11-common	*		Up to (excluding) 1.6.8-5.el8
	运行在以下环境
	系统	suse_12_SP5	libX11-xcb1-32bit	*		Up to (excluding) 1.6.2-12.18.1
	运行在以下环境
	系统	ubuntu_14.04.6_lts	libx11	*		Up to (excluding) 2:1.6.2-1ubuntu2.1+esm2
	运行在以下环境
	系统	ubuntu_18.04	libx11	*		Up to (excluding) 2:1.6.4-3ubuntu0.4
	运行在以下环境
系统	ubuntu_18.04.5_lts	libx11	*		Up to (excluding) 2:1.6.4-3ubuntu0.4
运行在以下环境
系统	ubuntu_20.04	libx11	*		Up to (excluding) 2:1.6.9-2ubuntu1.2
运行在以下环境
系统	ubuntu_21.04	libx11	*		Up to (excluding) 2:1.7.0-2ubuntu0.1
运行在以下环境
系统	ubuntu_21.10	libx11	*		Up to (excluding) 1.7.0-2ubuntu1
运行在以下环境
系统	ubuntu_22.04	libx11	*		Up to (excluding) 1.7.0-2ubuntu1
运行在以下环境
系统	x.org	x_window_system	*		Up to (including) x11r7.7