it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4920-1] libx11 security update
- Date: Mon, 24 May 2021 07:08:00 +0000
- Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1ll4gy-000164-Ti AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=P43gco9/MFMBge6tMno/+9x7l3c9b7S9O+PBFO3bmLc=; b=KK ychateEqWaJ9xkN2swb7xf5INzAJUwKNwaPFxZt9tM05s49M+8lowFFP0fYLTjDgPWNQ2JbIRjEcl yS8ijxcP5j7+kfOZ8R7djunm2b1yQS0+CYh9yBdMQx6W+xPPC9jDP9qht1+m22jFo5hNQlGiqKqOI sup3OkHBc33GuD6nEp3EHAKOHp9+rhv5LAK++q+tnf9C11P/5XmAnNIWlga1xkr8SL3kssyOiXpdH FwjA6802j4EmGRKqHYYvt+FjoPDJUQMqmaCg7nCqSdWxw4M6Ito49DJJyeTurw8+/YsU9CDDoc1jA JDvxuIixR3yluyi/F/aylWgRZbUG0uiw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 24 May 2021 07:08:21 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <1JcExicF5yI.A.A0D.kD1qgB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4920-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 24, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libx11
CVE ID : CVE-2021-31535
Debian Bug : 988737
Roman Fiedler reported that missing length validation in various
functions provided by libx11, the X11 client-side library, allow
to inject X11 protocol commands on X clients, leading to
authentication bypass, denial of service or potentially the
execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in
version 2:1.6.7-1+deb10u2.
We recommend that you upgrade your libx11 packages.
For the detailed security status of libx11 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libx11
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCrUBlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TLhQ/7BKGG6XKccCp9tE/2doEE3gTORVY8ofgcB7u7BzNzR+B+RM1O81/UY0oA
lhLGrtWzuPs+2aUtv9T+uknWEHOgTNzaGxi7zGh+xo8VxF9z/mYz0mdnSNJ+BR7H
GjzDUQYlHdihyAQR40EfqwQhWkaTgH2bA8bJO9VipdtSagD+SXXsSU4Tu5147p9e
+HWxzmUxRD1D2aEfN3FYx7yZDyFg2QCKz57m0DKxNQNs6sYA/HQtfxDlmfTejWH/
auMVV0+66bBi3VdVLLopy+3scPYDGMNMX34NuL/x+F2ByJmTu+7+O6vCw17IZvRb
kbsrmKPCJoX1hxHTxwcYD/kuXXRLU8MzAerSA+aV8RbQTIhvcfUWr3p2nne2sqcW
5nO0VLQVD+ing+osQaB8dpF8JuE/AyknZpQFKldD6mewjBHz6+wvOtU0Ay/TDTe3
fYCZPAKric/irKUfSf9euGiGJhDOcCl4QtstBzNxC15Lw8t7b4W5VVlGrB/ipzvh
QUsUYjI6OWP+WPLJV1DrPQPVtct7YSNQsZ9da3YZ8/WLC92Om9EOOiZCHqHa8Zd5
yjheHQRp7rnXLGaXxpy25hvtac+RZpNltb3kfqYOwlpV5l0NshJ1iwMmd90ICedK
DMcoKXohHmv6RfY3mo4wh0JOl7iyEauTs+nJ2JfpfI6Z/QQE0Cs=
=Ymz2
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4920-1] libx11 security update, Salvatore Bonaccorso, 24.05.2021
Archiv bereitgestellt durch MHonArc 2.6.24.