moderate: botan2/libX11 security update
moderate
An update for botan2/libX11 is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
botan2:
libX11:
Security Fix(es):
botan2: Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5.(CVE-2024-34702)
botan2: A flaw was found in Botan. X.509 certificates can identify elliptic curves using either an object identifier or explicit encoding of the parameters. This flaw allows an attacker to present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The POC used a 16Kbit prime for this purpose. When parsing the parameter is checked to be prime, it causes excessive computation.(CVE-2024-34703)
botan2: An authorization error flaw was found in the Botan cryptographic library. When parsing name constraint extensions, if the extension includes both permitted subtrees and excluded subtrees, only the permitted subtree is checked, leading to a name being permitted which is excluded by the subtree, resulting in loss of integrity.(CVE-2024-39312)
botan2: Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.(CVE-2024-50382)
botan2: bugfix
libX11: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.(CVE-2023-43785)
libX11: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.(CVE-2023-43786)
libX11: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.(CVE-2023-43787)
libX11: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.