The Slackware Linux Project: Mailing List Info

Mailing List Info
News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists
Archives
About
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] libX11 (SSA:2023-276-01)
Date: Tue, 3 Oct 2023 15:25:17 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  libX11 (SSA:2023-276-01)

New libX11 packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libX11-1.8.7-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libX11-1.8.7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libX11-1.8.7-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libX11-1.8.7-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libX11-1.8.7-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libX11-1.8.7-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libX11-1.8.7-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libX11-1.8.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libX11-1.8.7-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libX11-1.8.7-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
86205af301cca69a2c55f19c4f577771  libX11-1.8.7-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
3e3ce3de8e29ab1460855211a801db9a  libX11-1.8.7-x86_64-1_slack14.0.txz

Slackware 14.1 package:
c587e5727d42624fa0d7f9bcc74f3fe7  libX11-1.8.7-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
63109f663888b6a2eec04c88030bd375  libX11-1.8.7-x86_64-1_slack14.1.txz

Slackware 14.2 package:
635a1f1d0da8ca4934a6deed776ef978  libX11-1.8.7-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
fda1710211e47201084ae7cf436019f0  libX11-1.8.7-x86_64-1_slack14.2.txz

Slackware 15.0 package:
4ff14baf51ef1178d6facea443104193  libX11-1.8.7-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
16c1034c8f379b1e7036df5a3ab62789  libX11-1.8.7-x86_64-1_slack15.0.txz

Slackware -current package:
04772be58add14ef90681dfbb73c9d61  x/libX11-1.8.7-i586-1.txz

Slackware x86_64 -current package:
c47d9c8c75d7d32357427199ffc3b974  x/libX11-1.8.7-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libX11-1.8.7-i586-1_slack15.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAmUclD8ACgkQakRjwEAQIjPQcwCgkj1i7ypROFo/4dfokX90PVdn
XBMAn0MVS6pVHLlVCrFtAN+R4soV3/6N
=fT1V
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.