Gentoo Linux Security Advisory 202411-08
Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions less than 21.1.14 are affected.
Gentoo Linux Security Advisory GLSA 202411-08
https://security.gentoo.org/
Severity: High
Title: X.Org X server, XWayland: Multiple Vulnerabilities
Date: November 17, 2024
Bugs: #928531, #942465
ID: 202411-08
Synopsis
A vulnerability has been discovered in the Xorg Server and XWayland, the
worst of which can result in privilege escalation.
Background
The X Window System is a graphical windowing system based on a
client/server model.
Affected packages
Package                 Vulnerable    Unaffected
----------------------  ------------  ------------
x11-base/xorg-server    < 21.1.14     >= 21.1.14
x11-base/xwayland       < 24.1.4      >= 24.1.4
Description
Multiple vulnerabilities have been discovered in X.Org X server and
XWayland. Please review the CVE identifiers referenced below for
details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All X.Org X server users should upgrade to the latest version:
  emerge --sync
  emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.14"
All XWayland users should upgrade to the latest version:
  emerge --sync
  emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.4"
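To confirm the upgrade took effect, installed package atoms can be compared against the fixed versions in the Affected packages table. The script below is an added example, not part of the advisory; the function names and the sample atoms are constructed, and it assumes GNU sort -V ordering, which handles plain dotted versions but not Gentoo suffixes such as _rc or _p.

```shell
#!/bin/sh
# Fixed versions taken from the "Affected packages" table of GLSA 202411-08.
fixed_version() {
    case "$1" in
        x11-base/xorg-server) echo 21.1.14 ;;
        x11-base/xwayland)    echo 24.1.4 ;;
        *) return 1 ;;
    esac
}

# True when version $1 sorts strictly before version $2.
# Uses a version sort, so 21.1.9 is correctly older than 21.1.14.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify one atom of the form category/name-version[-rN].
glsa_status() {
    # Split the atom at the hyphen that starts the version; drop any -rN revision.
    pkg=$(printf '%s\n' "$1" | sed -E 's/-[0-9][^-]*(-r[0-9]+)?$//')
    ver=$(printf '%s\n' "$1" | sed -E 's/^.*-([0-9][^-]*)(-r[0-9]+)?$/\1/')
    fixed=$(fixed_version "$pkg") || { echo "not-listed"; return 0; }
    if version_lt "$ver" "$fixed"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Read atoms on stdin, report only packages named in the advisory.
scan_installed() {
    while IFS= read -r atom; do
        status=$(glsa_status "$atom")
        [ "$status" = "not-listed" ] || printf '%s %s\n' "$status" "$atom"
    done
}

# Constructed sample input in the category/name-version form.
scan_installed <<'EOF'
x11-base/xorg-server-21.1.13-r1
x11-base/xwayland-24.1.4
x11-libs/libX11-1.8.10
EOF
```

On a live system the atoms would come from `qlist -Iv` (portage-utils) piped into `scan_installed`; gentoolkit's `glsa-check -t 202411-08` performs the authoritative test against Portage's own version ordering.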
References
[ 1 ] CVE-2024-9632
https://nvd.nist.gov/vuln/detail/CVE-2024-9632
[ 2 ] CVE-2024-31080
https://nvd.nist.gov/vuln/detail/CVE-2024-31080
[ 3 ] CVE-2024-31081
https://nvd.nist.gov/vuln/detail/CVE-2024-31081
[ 4 ] CVE-2024-31082
https://nvd.nist.gov/vuln/detail/CVE-2024-31082
[ 5 ] CVE-2024-31083
https://nvd.nist.gov/vuln/detail/CVE-2024-31083
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202411-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Red Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Red Hat Security Advisory 2024-9601-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Red Hat Security Advisory 2024-9579-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Red Hat Security Advisory 2024-9093-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.
Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2024-3343-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-2042-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2041-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.