Bug 1961822 (CVE-2021-31535) - CVE-2021-31535 libX11: missing request length checks
Summary: CVE-2021-31535 libX11: missing request length checks
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-31535
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1962558 1962559 1961823 1962438 1962439 1962440 1962552 1962553 1962554 1962555 1962556 1962557 1962560 1962561 1970762 2048283
Blocks: 1961824
Reported: 2021-05-18 19:14 UTC by Guilherme de Almeida Suckevicz
Modified: 2025-04-04 12:53 UTC

Fixed In Version: libX11 1.7.1
Clone Of:
Environment:
Last Closed: 2021-08-30 11:57:23 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:3309 0 None None None 2021-08-30 12:25:42 UTC
Red Hat Product Errata RHBA-2021:3310 0 None None None 2021-08-30 13:03:51 UTC
Red Hat Product Errata RHBA-2021:3311 0 None None None 2021-08-30 13:09:24 UTC
Red Hat Product Errata RHBA-2021:3313 0 None None None 2021-08-30 13:30:18 UTC
Red Hat Product Errata RHBA-2021:3389 0 None None None 2021-08-31 12:38:49 UTC
Red Hat Product Errata RHBA-2021:3390 0 None None None 2021-08-31 12:39:19 UTC
Red Hat Product Errata RHBA-2021:3391 0 None None None 2021-08-31 12:40:03 UTC
Red Hat Product Errata RHBA-2021:3406 0 None None None 2021-09-01 14:58:15 UTC
Red Hat Product Errata RHBA-2021:3409 0 None None None 2021-09-01 23:46:49 UTC
Red Hat Product Errata RHBA-2021:3410 0 None None None 2021-09-02 09:40:46 UTC
Red Hat Product Errata RHBA-2021:3412 0 None None None 2021-09-02 15:10:21 UTC
Red Hat Product Errata RHBA-2021:3480 0 None None None 2021-09-09 12:51:57 UTC
Red Hat Product Errata RHBA-2021:3551 0 None None None 2021-09-15 15:29:45 UTC
Red Hat Product Errata RHBA-2021:3560 0 None None None 2021-09-20 12:52:49 UTC
Red Hat Product Errata RHBA-2021:3651 0 None None None 2021-09-23 11:07:43 UTC
Red Hat Product Errata RHBA-2021:3693 0 None None None 2021-09-29 13:07:40 UTC
Red Hat Product Errata RHSA-2021:3296 0 None None None 2021-08-30 08:48:35 UTC
Red Hat Product Errata RHSA-2021:3477 0 None None None 2021-09-09 09:22:13 UTC
Red Hat Product Errata RHSA-2021:4326 0 None None None 2021-11-09 18:15:33 UTC

Description Guilherme de Almeida Suckevicz 2021-05-18 19:14:36 UTC
XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence), it can lead to the emission of extra X protocol requests to the X server.

References:
https://www.openwall.com/lists/oss-security/2021/05/18/2
https://www.openwall.com/lists/oss-security/2021/05/18/3
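
To make the length problem above concrete, the following C program is an added example (my own, not code from libX11 or from the reporter) that models the wire framing of a LookupColor request. It reuses the field layout of xLookupColorReq from Xproto.h and the core opcode 92 for X_LookupColor; the unchecked encoder follows the pre-1.7.1 pattern of assigning the string length straight into the two CARD16 fields, and the guarded encoder refuses strings of USHRT_MAX bytes or more before anything is sent, which is the approach the 1.7.1 release took (the exact upstream lines are not reproduced here). The three sample string lengths are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size part of the X11 LookupColor request (xLookupColorReq in
 * Xproto.h): reqType(1) pad(1) length(2) cmap(4) nbytes(2) pad(2) = 12 bytes.
 * Every core X request carries a CARD16 length counted in 4-byte units, and
 * string payloads are padded to a multiple of 4. */
#define SZ_LOOKUPCOLOR_REQ 12u
#define X_LOOKUPCOLOR_OPCODE 92  /* core opcode of LookupColor (Xproto.h) */

typedef struct {
    uint8_t  reqType;
    uint8_t  pad;
    uint16_t length;   /* CARD16: whole request, in 4-byte units */
    uint32_t cmap;
    uint16_t nbytes;   /* CARD16: length of the colour name that follows */
    uint16_t pad2;
} xLookupColorReq;

/* Round n up to the 4-byte boundary the protocol pads strings to. */
static size_t pad4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Unchecked encoder modelled on the pre-1.7.1 pattern
 *   req->nbytes = n; req->length += (n + 3) >> 2;
 * where both fields are CARD16, so a long string is silently truncated
 * (nbytes) or wrapped modulo 65536 (length). Returns the number of bytes the
 * server will consume as this request, i.e. length * 4. */
static size_t encode_unchecked(xLookupColorReq *req, size_t n)
{
    memset(req, 0, sizeof *req);
    req->reqType = X_LOOKUPCOLOR_OPCODE;
    req->length  = (uint16_t)(SZ_LOOKUPCOLOR_REQ >> 2);        /* 3 units */
    req->length  = (uint16_t)(req->length + ((n + 3) >> 2));   /* may wrap */
    req->nbytes  = (uint16_t)n;                                /* may truncate */
    return (size_t)req->length << 2;
}

/* Bytes the client actually puts on the socket: header + padded string. */
static size_t bytes_on_wire(size_t n) { return SZ_LOOKUPCOLOR_REQ + pad4(n); }

/* Bytes written beyond what the server believes this request spans. With an
 * attacker-chosen string these trailing bytes are parsed as new requests. */
static size_t bytes_smuggled(size_t n)
{
    xLookupColorReq req;
    size_t consumed = encode_unchecked(&req, n);
    size_t written  = bytes_on_wire(n);
    return written > consumed ? written - consumed : 0;
}

/* Non-zero if either CARD16 field no longer describes what was sent, so the
 * server either rejects the request (BadLength) or desynchronises. */
static int wire_mismatch(size_t n)
{
    xLookupColorReq req;
    size_t consumed = encode_unchecked(&req, n);
    return req.nbytes != n || consumed != bytes_on_wire(n);
}

/* Guarded encoder in the spirit of the 1.7.1 fix: refuse, before touching the
 * wire, any string the 16-bit fields cannot represent. Returns 1 on success,
 * 0 when the caller should fail the lookup instead of sending anything. */
static int encode_checked(xLookupColorReq *req, size_t n)
{
    if (n >= USHRT_MAX)
        return 0;
    encode_unchecked(req, n);
    return 1;
}

/* Convenience wrapper: does the guard let a name of n bytes through? */
static int guard_accepts(size_t n)
{
    xLookupColorReq req;
    return encode_checked(&req, n);
}

int main(void)
{
    /* Constructed sample lengths: a normal name, one that truncates nbytes,
     * one that wraps the 16-bit request length. */
    static const size_t lens[] = { 12, 70000, 300000 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        xLookupColorReq req;
        size_t n = lens[i];
        printf("strlen=%zu wire=%zu server-consumes=%zu smuggled=%zu "
               "mismatch=%d accepted-by-guard=%d\n",
               n, bytes_on_wire(n), encode_unchecked(&req, n),
               bytes_smuggled(n), wire_mismatch(n), guard_accepts(n));
    }
    return 0;
}
```

Running it shows the two failure modes the fix closes. A 70000-byte name leaves the request length consistent but truncates nbytes to 4464, so the server sees a malformed request. A 300000-byte name wraps the 16-bit length field: the server consumes only 37868 bytes as the LookupColor request and the remaining 262144 bytes of the name are parsed as further requests, which is the "extra X protocol requests" the report describes. A terminal that hands an OSC colour string straight to XLookupColor() therefore lets whoever controls the terminal's input choose those bytes, and the only safe place to stop that is a length check before the request is built.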

Comment 1 Guilherme de Almeida Suckevicz 2021-05-18 19:14:56 UTC
Created libX11 tracking bugs for this issue:

Affects: fedora-all [bug 1961823]

Comment 9 Corentin LABBE 2021-07-20 09:40:07 UTC
Hello
I have backported the fixes myself to libX11-1.6.7-3.el7_9 for this CVE, but I would like the fixes to be in upstream RHEL7/CentOS7.
You can find fixes at https://github.com/montjoie/centos-libX11/commits/c7-backport
Regards

Comment 10 Sami Farin 2021-07-24 07:28:06 UTC
Fedora 33 still has the vulnerable version 1.6.12.

Comment 11 errata-xmlrpc 2021-08-30 08:48:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3296 https://access.redhat.com/errata/RHSA-2021:3296

Comment 12 Product Security DevOps Team 2021-08-30 11:57:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-31535

Comment 13 errata-xmlrpc 2021-09-09 09:22:12 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477

Comment 14 errata-xmlrpc 2021-11-09 18:15:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4326 https://access.redhat.com/errata/RHSA-2021:4326

