XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence), this can lead to the emission of extra X protocol requests to the X server. References: https://www.openwall.com/lists/oss-security/2021/05/18/2 https://www.openwall.com/lists/oss-security/2021/05/18/3
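Added example, not code from this bug or from libX11: a small C model of the mechanism described above. The X protocol encodes the string length of a request such as LookupColor in a 16-bit field, so if strlen() of a caller-controlled name is stored into that field without a check, a name of 65536 bytes or more wraps around; the server then only consumes the declared number of bytes and parses the remainder as further requests. The struct layout, the builder functions and the 'A'-filled names below are constructed for illustration; the length check in the hardened builder mirrors the shape of the upstream fix linked in the thread (reject strings of length >= USHRT_MAX before they are put on the wire), but it is a simplified model, not libX11's own code.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a request carrying a counted string: a 16-bit
 * byte count (like the protocol's CARD16) plus a pointer to the name bytes.
 * This is not the real xLookupColorReq layout. */
struct fake_req {
    uint16_t nbytes;
    const char *name; /* not owned */
};

/* Vulnerable pattern: strlen() assigned straight into the 16-bit field.
 * Returns 1 on "success"; the truncation happens silently. */
int build_req_unchecked(const char *spec, struct fake_req *out)
{
    size_t n = strlen(spec);
    out->nbytes = (uint16_t)n; /* wraps when n >= 65536 */
    out->name = spec;
    return 1;
}

/* Hardened pattern: refuse the request before encoding, so the caller gets a
 * failure instead of a malformed request on the wire. */
int build_req_checked(const char *spec, struct fake_req *out)
{
    size_t n = strlen(spec);
    if (n >= USHRT_MAX)
        return 0;
    out->nbytes = (uint16_t)n;
    out->name = spec;
    return 1;
}

/* Bytes of the name that the declared count does NOT cover: this is what a
 * server would read as the start of the next request(s). */
size_t smuggled_bytes(const struct fake_req *r)
{
    return strlen(r->name) - r->nbytes;
}

/* Build a constructed "color name" of exactly `len` bytes (all 'A'). */
static char *make_name(size_t len)
{
    char *s = malloc(len + 1);
    if (!s)
        return NULL;
    memset(s, 'A', len);
    s[len] = '\0';
    return s;
}

/* Encode a name of `len` bytes with the unchecked builder and return the
 * nbytes value that ends up in the 16-bit field (-1 on allocation failure). */
int demo_unchecked_nbytes(size_t len)
{
    struct fake_req r;
    char *s = make_name(len);
    if (!s)
        return -1;
    build_req_unchecked(s, &r);
    int n = r.nbytes;
    free(s);
    return n;
}

/* 1 if the checked builder accepts a name of `len` bytes, 0 if it rejects it,
 * -1 on allocation failure. */
int demo_checked_accepts(size_t len)
{
    struct fake_req r;
    char *s = make_name(len);
    if (!s)
        return -1;
    int ok = build_req_checked(s, &r);
    free(s);
    return ok;
}

int main(void)
{
    size_t len = 65536 + 10; /* constructed oversized name */
    struct fake_req r;
    char *s = make_name(len);
    if (!s)
        return 1;
    build_req_unchecked(s, &r);
    printf("unchecked: strlen=%zu nbytes=%u smuggled=%zu\n",
           len, r.nbytes, smuggled_bytes(&r));
    printf("checked:   accepted=%d\n", build_req_checked(s, &r));
    free(s);
    return 0;
}
```

The unchecked builder turns a 65546-byte name into a request that declares only 10 bytes, leaving 65536 bytes for the server to interpret as whatever follows; the checked builder refuses it outright, which is the behaviour an application relying on XLookupColor() wants when the name originates from untrusted input such as a terminal escape sequence.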
Created libX11 tracking bugs for this issue: Affects: fedora-all [bug 1961823]
Upstream patch: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
Hello, I have backported the fixes myself to libX11-1.6.7-3.el7_9 for this CVE, but I would like the fixes to be in upstream RHEL7/CentOS7. You can find the fixes at https://github.com/montjoie/centos-libX11/commits/c7-backport Regards
Fedora 33 still has the vulnerable version 1.6.12.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3296 https://access.redhat.com/errata/RHSA-2021:3296
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-31535
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4326 https://access.redhat.com/errata/RHSA-2021:4326