Hi,

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2023/10/03/1

Best regards,

Nico.

CC: (none) => nicolas.salguero
Source RPM: (none) => libx11-1.8.6-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO, MGA8TOO
Assigning globally as no one packager is in evidence for this pkg.
Status comment: (none) => Fixed by libX11 1.8.7 and libXpm 3.5.17
Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. (CVE-2023-43785)

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. (CVE-2023-43786)

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. (CVE-2023-43787)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787
https://www.openwall.com/lists/oss-security/2023/10/03/1
========================

Updated packages in 9/core/updates_testing:
========================
lib(64)x11_6-1.8.6-1.1.mga9
lib(64)x11-devel-1.8.6-1.1.mga9
lib(64)x11-xcb1-1.8.6-1.1.mga9
libx11-common-1.8.6-1.1.mga9
libx11-doc-1.8.6-1.1.mga9

from SRPM:
libx11-1.8.6-1.1.mga9.src.rpm

Updated packages in 8/core/updates_testing:
========================
lib(64)x11_6-1.7.0-1.5.mga8
lib(64)x11-devel-1.7.0-1.5.mga8
lib(64)x11-xcb1-1.7.0-1.5.mga8
libx11-common-1.7.0-1.5.mga8
libx11-doc-1.7.0-1.5.mga8

from SRPM:
libx11-1.7.0-1.5.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Version: Cauldron => 9
Status: NEW => ASSIGNED
Status comment: Fixed by libX11 1.8.7 and libXpm 3.5.17 => (none)
CC: (none) => mageia
Advisory from comment 2 uploaded, please remove the advisory keyword if it needs to be changed.
CC: (none) => marja11
Keywords: (none) => advisory
MGA9 Plasma on an HP Pavilion 15. No installation issues. Using bug 32015 comment 2 as a guide, tried several calls of zenity with various options, with no issues. No issues with the desktop, either.
Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
CC: (none) => andrewsfarm
MGA8-64 Plasma on the same hardware as comment 4. Same tests, same results. In addition, looking at some of the other packages that require lib64x11_6, I see things like Firefox, which I am using now to write this. Giving this an OK for MGA8, and validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA9-64-OK MGA8-64-OK
Tested on 32-bit hardware for both releases, as well. Both OK.
Whiteboard: MGA8TOO MGA9-64-OK MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK MGA8-32-OK MGA9-32-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0287.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED