Security
Headlines
HeadlinesLatestCVEs

Headline

Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

Packet Storm
#vulnerability#linux#git#buffer_overflow#sap
XLibre project security advisory---------------------------------As Xlibre Xnest is based on Xorg, it is affected by some security issueswhich recently became known in Xorg: CVE-2024-9632: can be triggered by providing a modified bitmap to theX.Org server. CVE-2024-9632: Heap-based buffer overflow privilege escalation in_XkbSetCompatMapSee:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9632Affected versions:  * 24.1.0  * 24.2.024.1.x release:   Repo:   https://gitlab.freedesktop.org/metux/xserver.git   Branch: xlibre/xnest/24.1   Tag:    xnest-24.1.1   SHA:    11450b0946c1035944c5946d665f21f83356b6b924.2.x release:   Repo:   https://gitlab.freedesktop.org/metux/xserver.git   Branch: xlibre/xnest/24.2   Tag:    xnest-24.2.1   SHA:    9a6aec9bf62b6bdd75795a5e28648d4af07fe413These bugfix branches also contain several other pointer and boundsrelated problems that haven't been rated as possibly exploitable yet,but no other unnecessary changes which don't fix actual bugs.All users are strongly advised to upgrade to the fixed mainenancereleases ASAP.--mtx-----Enrico Weigelt, metux IT consultFree software and Linux embedded [email protected] -- +49-151-27565287

Related news

Red Hat Security Advisory 2024-9690-03

Red Hat Security Advisory 2024-9690-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Gentoo Linux Security Advisory 202411-08

Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.

Red Hat Security Advisory 2024-9601-03

Red Hat Security Advisory 2024-9601-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-9579-03

Red Hat Security Advisory 2024-9579-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Ubuntu Security Notice USN-7085-2

Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

Debian Security Advisory 5800-1

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

Ubuntu Security Notice USN-7085-1

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution