Updated 17 October 2023 (IGEL OS 11.09.100 available)

First published 6 October 2023

CVSS 3.1: 5.5 (Medium)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A

Summary

Multiple issues have been found in the libX11 and libXpm libraries published by X.Org, which are used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

The first issue (CVE-2023-43785) can be triggered by connecting to an X server that sends specially crafted replies to X11 protocol requests – this scenario applies when an X session is started from IGEL OS. It can lead to an out-of-bounds memory access and is rated as medium.

The other four issues (CVE-2023-43786, CVE-2023-43787, CVE-2023-43788 and CVE-2023-43789) can be triggered by opening specially crafted XPM format image files via libXpm and can exhaust the stack, lead to a heap overflow or cause an out-of-bounds read. They are all rated as medium.
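The following C example is added here to illustrate the defect classes named above (a heap overflow from an arithmetic wrap on image dimensions, and an out-of-bounds read past a pixel buffer) in the context of an XPM-style header. It is constructed illustrative code, not libXpm, libX11 or IGEL code, and does not reproduce the actual defects behind the listed CVEs. The header layout "width height ncolors chars_per_pixel", the size caps and the function names are assumptions made for the example. The unchecked and checked size computations sit side by side, and the checked reader refuses to read beyond the buffer it was given rather than trusting the header.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed header in the style of an XPM "values" line:
 * "<width> <height> <ncolors> <chars_per_pixel>". Not libXpm code. */
struct xpm_values {
    unsigned width, height, ncolors, cpp;
};

/* Hypothetical limits chosen for this example. */
#define MAX_DIM    16384u
#define MAX_CPP    2u
#define MAX_COLORS 65536u

/* Parse the values line into v; returns 0 on success, -1 on malformed input
 * (missing field, sign, non-digit, or a value that does not fit unsigned). */
int parse_values(const char *line, struct xpm_values *v) {
    unsigned long f[4];
    const char *p = line;
    char *end;
    for (int i = 0; i < 4; i++) {
        while (*p == ' ' || *p == '\t') p++;
        if (*p < '0' || *p > '9') return -1;
        f[i] = strtoul(p, &end, 10);
        if (end == p || f[i] > UINT_MAX) return -1;
        p = end;
    }
    v->width = (unsigned)f[0];
    v->height = (unsigned)f[1];
    v->ncolors = (unsigned)f[2];
    v->cpp = (unsigned)f[3];
    return 0;
}

/* Unchecked size computation: width*height*cpp wraps in 32-bit unsigned
 * arithmetic, so a crafted header yields a too-small allocation that is
 * later written past its end (the heap-overflow pattern). */
unsigned pixel_bytes_unchecked(const struct xpm_values *v) {
    return v->width * v->height * v->cpp;
}

/* Checked version: each field is bounded and every multiplication is tested
 * for overflow before any allocation is sized from it. Returns 0 on success. */
int pixel_bytes_checked(const struct xpm_values *v, size_t *out) {
    if (v->width == 0 || v->height == 0 || v->cpp == 0 || v->ncolors == 0)
        return -1;
    if (v->width > MAX_DIM || v->height > MAX_DIM ||
        v->cpp > MAX_CPP || v->ncolors > MAX_COLORS)
        return -1;
    size_t n;
    if (__builtin_mul_overflow((size_t)v->width, (size_t)v->height, &n))
        return -1;
    if (__builtin_mul_overflow(n, (size_t)v->cpp, &n))
        return -1;
    *out = n;
    return 0;
}

/* Bounds-checked read of pixel x (cpp characters) from a row of len bytes.
 * The buffer length is authoritative, not the header's width, so a header
 * that claims more pixels than the row holds cannot cause an OOB read. */
int read_pixel(const char *row, size_t len, unsigned x, unsigned cpp, char *dst) {
    size_t off;
    if (cpp == 0 || __builtin_mul_overflow((size_t)x, (size_t)cpp, &off))
        return -1;
    if (off > len || len - off < cpp)
        return -1;
    memcpy(dst, row + off, cpp);
    dst[cpp] = '\0';
    return 0;
}
```

With the constructed header "65536 65536 1 1", the unchecked product wraps to 0 while the checked path rejects the header outright; a sane header such as "8 4 2 1" passes both and sizes the buffer to 32 bytes. Compilers that support `__builtin_mul_overflow` (GCC and Clang) are assumed.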

Update Instructions

  • OS 12: IGEL is preparing an updated Base system for OS 12.
  • OS 11: Update to IGEL OS 11.09.100 or newer.

References