Headline
RHSA-2023:2248: Red Hat Security Advisory: xorg-x11-server security and bug fix update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service.
- CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKbdByName function in xkb/xkb.c does not release allocated data when an error is encountered, allowing for a memory leak.
- CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46340: A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order.
- CVE-2022-46341: A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46342: A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46343: A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46344: A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Synopsis
Moderate: xorg-x11-server security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
- xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
- xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2140698 - CVE-2022-3550 xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c
- BZ - 2140701 - CVE-2022-3551 xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c
- BZ - 2148292 - Drop dependency on xorg-x11-font-utils
- BZ - 2151755 - CVE-2022-46340 xorg-x11-server: XTestSwapFakeInput stack overflow
- BZ - 2151756 - CVE-2022-46341 xorg-x11-server: XIPassiveUngrab out-of-bounds access
- BZ - 2151757 - CVE-2022-46342 xorg-x11-server: XvdiSelectVideoNotify use-after-free
- BZ - 2151758 - CVE-2022-46343 xorg-x11-server: ScreenSaverSetAttributes use-after-free
- BZ - 2151760 - CVE-2022-46344 xorg-x11-server: XIChangeProperty out-of-bounds access
- BZ - 2151761 - CVE-2022-4283 xorg-x11-server: XkbGetKbdByName use-after-free
- BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
- BZ - 2172116 - xvfb-run "-l" or “–listen-tcp” option does not work
CVEs
- CVE-2022-3550
- CVE-2022-3551
- CVE-2022-4283
- CVE-2022-46340
- CVE-2022-46341
- CVE-2022-46342
- CVE-2022-46343
- CVE-2022-46344
- CVE-2023-0494
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
xorg-x11-server-1.20.11-17.el9.src.rpm
SHA-256: 7c1fdaf36b096dfb9bdcf1d59269043e9c93f5bb71753ffb3ba5cf168a18b961
x86_64
xorg-x11-server-Xdmx-1.20.11-17.el9.x86_64.rpm
SHA-256: ef9533319eabfe028e64f6b4005304d5b59a2e63be16fe0da329cbed250d1797
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: a41385dec890dd891657d34761fd7e29d5e94423dc3fae6b3322bb0b5d812548
xorg-x11-server-Xephyr-1.20.11-17.el9.x86_64.rpm
SHA-256: 805db8d60a5e3d1acaad55e1936b7bb61249981339c57198d216e9ee77d86941
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 6667fbceb36c3ba9fc1db70e507931ab79fb39735f34313bfad930458630a333
xorg-x11-server-Xnest-1.20.11-17.el9.x86_64.rpm
SHA-256: 5ca7bc4b1795cdfa044cbc434acd138dce28c165629da7a035d0dcd6ed37bb68
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 2e7c2188bd7e7b08595b0a80d7232a7d801e7e3b12c6267932be1903ddf1cee8
xorg-x11-server-Xorg-1.20.11-17.el9.x86_64.rpm
SHA-256: 02023417b37c0284e4c88b841ab64d4b0c2ed4eec8a468288a4f5121282d6ff2
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 8f9c7436be94da5d3662d83c2c2037fc44666e82beffc86a1951e26b40f9c909
xorg-x11-server-Xvfb-1.20.11-17.el9.x86_64.rpm
SHA-256: 78adfc663b663557d6bdea82f71bb49e425c0af78eab997bd379b9c6c949d018
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 32e79184fef417fb798953e77c7550f092eb364995e0140b14f333b5004dacdd
xorg-x11-server-common-1.20.11-17.el9.x86_64.rpm
SHA-256: 2b1b0b1f2b72555f00fd57137e5fcb2e6a325e50833db56d907e339ba19e2cb0
xorg-x11-server-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: c21347884405a33082016ee749d67fa2c04831d32ab32da9dd50e6c85a344ca5
xorg-x11-server-debugsource-1.20.11-17.el9.x86_64.rpm
SHA-256: 57438a79609e52571d0658b3de7afcdf3a154b4b0766716110f8c2dc3fb452b7
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
xorg-x11-server-1.20.11-17.el9.src.rpm
SHA-256: 7c1fdaf36b096dfb9bdcf1d59269043e9c93f5bb71753ffb3ba5cf168a18b961
s390x
xorg-x11-server-Xdmx-1.20.11-17.el9.s390x.rpm
SHA-256: 04f9453401981ef6ed3df94589ec02ace4f0612c1ef9469a75f0010f207e4353
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: f4eadd31046478d0611ee14fc4adf0d45cbbff5cc5c1089c650c35c81b351369
xorg-x11-server-Xephyr-1.20.11-17.el9.s390x.rpm
SHA-256: 434fe69de3d8207695d03fb9c38d2455772276fb8f255c9972235283d24eef5f
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 125fc982d94c7032947bb49c6242cc575499d7c008ae16cb93f0c0bddbe856f8
xorg-x11-server-Xnest-1.20.11-17.el9.s390x.rpm
SHA-256: ec6939561abc61d19df328a251c513d1a82ad4c323dc7f7784bdc92bf44063a8
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 634594d3e982c9572cc9e58a24030a0d8da141440b95edc67a304fe8a87082e3
xorg-x11-server-Xorg-1.20.11-17.el9.s390x.rpm
SHA-256: 83c196f37afa6fe39aec909792d11f90f3c8c590b9bc316d1de14f402a964fd6
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 5414d5afa0017d116337fcc1518c55e853d8c2c8e050aa143094f9836e662b6d
xorg-x11-server-Xvfb-1.20.11-17.el9.s390x.rpm
SHA-256: a6156a87a03d37ed0f4441ecefd8581ac295360317b23e310aa55af4df8c8ac4
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 47abb461d07c8be48499dcdadb178ef7ebc4ccf3a09fcfa25312143b4e623ee9
xorg-x11-server-common-1.20.11-17.el9.s390x.rpm
SHA-256: 7d014cae52001e31b351863963e23d72e2c1f9175735b4f6db634f622795d671
xorg-x11-server-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: fb1e5ca1f8f5832acca5b73609410ea1e5574ab6059a5a53571990f259b59e84
xorg-x11-server-debugsource-1.20.11-17.el9.s390x.rpm
SHA-256: c25c1efa30cfe9d8bd39b35fad0c0d041b12879dc948f66c8c86d0925984a164
Red Hat Enterprise Linux for Power, little endian 9
SRPM
xorg-x11-server-1.20.11-17.el9.src.rpm
SHA-256: 7c1fdaf36b096dfb9bdcf1d59269043e9c93f5bb71753ffb3ba5cf168a18b961
ppc64le
xorg-x11-server-Xdmx-1.20.11-17.el9.ppc64le.rpm
SHA-256: 2311d09e3d8ba4a3c08304a1ec72b2b752a224a17fb36ee463196f01d449ef08
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 84789c324ca0fc9294e4955491d753ed4b186bf79abb95aca188da7fce30e743
xorg-x11-server-Xephyr-1.20.11-17.el9.ppc64le.rpm
SHA-256: fb8e65596af0513bee29946505be8e99ffbc127e2c02d270afc351192d5a7012
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 1ea84d3bc980d49924d50f482e02130543867431e585ecc2b30660ec9367b130
xorg-x11-server-Xnest-1.20.11-17.el9.ppc64le.rpm
SHA-256: 83669e34f6d06b581436b20c3c60a6c3d11b21da0cdc5cc726d8b474f520a384
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: dfe78065170fd0d88189315787bcda3084333e5e77d5f991a432cde8eece23c5
xorg-x11-server-Xorg-1.20.11-17.el9.ppc64le.rpm
SHA-256: 105598f6ccfd170ebef91629221100e50a2c20d033d1d6e561532ba41d1b1df5
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: cb235d2607754f01960c7e6cc35185702817e6acf1b368897ae64c962b30e2df
xorg-x11-server-Xvfb-1.20.11-17.el9.ppc64le.rpm
SHA-256: 6244e5878b7e5d3b1fb666de91ef4f8e1ff2669d9031eb2367382dd5201e5343
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 544a81b5a29afa89d78154bb2fb9aeee9d338ff6f35bca1845f69d3fdb6c574f
xorg-x11-server-common-1.20.11-17.el9.ppc64le.rpm
SHA-256: f8eebc7f4a45e654b82970a7f7e78cca0b16516ac68838a487e92dbcd3a5c0fe
xorg-x11-server-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 71ffae1e5910934d7f8304a69c93deee8d120eb3e7b3a7e694c5a3fbe1aad5d6
xorg-x11-server-debugsource-1.20.11-17.el9.ppc64le.rpm
SHA-256: a69d669cb6be1694d4397d7a35d85368db2abf93931e21ba4bc413bc6f5f8da1
Red Hat Enterprise Linux for ARM 64 9
SRPM
xorg-x11-server-1.20.11-17.el9.src.rpm
SHA-256: 7c1fdaf36b096dfb9bdcf1d59269043e9c93f5bb71753ffb3ba5cf168a18b961
aarch64
xorg-x11-server-Xdmx-1.20.11-17.el9.aarch64.rpm
SHA-256: 6135b58ab83af905fb175fbdf4f7e624158df9ab6ce7e1eef123529b141fadc1
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 5b692370d0745d4e529613b3cf05f2504764674cf99acedbe3494a9479cf68eb
xorg-x11-server-Xephyr-1.20.11-17.el9.aarch64.rpm
SHA-256: fd6446745629252c5c8901332749534112becb4e1505bc2bef31e26ca0af1a9c
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 1c049c0bfb82398e030572a31fab6bf3806dbea42053fdf9266cde39a498948c
xorg-x11-server-Xnest-1.20.11-17.el9.aarch64.rpm
SHA-256: a6eaff2da53feefe21d3eaa767f4deedfb1b3372fe87e95f96754b369d6d89d3
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 1395b6ded9cd4e6dbf1f5ac4d08f0d7a23f0e72c64acdbfd0d39f0609b6a36d8
xorg-x11-server-Xorg-1.20.11-17.el9.aarch64.rpm
SHA-256: 2df911d0b391c38b4e862e04566cf478340a3e656d06d9008da4bf52cc5f8268
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 27212b89ed05a8556a98eb158fcc4370703f28b46063017df109467c55fff265
xorg-x11-server-Xvfb-1.20.11-17.el9.aarch64.rpm
SHA-256: 050a77870ea2b839897c16ef308e52b101526fb549849d364c7f1b0d70fc8d2a
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 5414d99468a18516cc388538bc0bda04358049c35b51b53383fe43f0dd6c876f
xorg-x11-server-common-1.20.11-17.el9.aarch64.rpm
SHA-256: c10fbf22f49d2ea103edcccc76283c67cff4f602f4d6c2ea6798fed2c1edbcee
xorg-x11-server-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 28b154e5d25531f94692b6026cc16d515c0cb201709d3afeb590e5f7f7790827
xorg-x11-server-debugsource-1.20.11-17.el9.aarch64.rpm
SHA-256: 638687e39223b85dc03d02666015cb3f77b30f500f856e3369329d32c197c009
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: 3ae5aa5219995e68988b13e88c8e5711cb8c9ae4ee476d0806e48ce1e07e7e5a
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: a41385dec890dd891657d34761fd7e29d5e94423dc3fae6b3322bb0b5d812548
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: bce31afffdb72b93720c8cd2a248e5eb6ea1af54f1a5d2c1c219654941c90e93
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 6667fbceb36c3ba9fc1db70e507931ab79fb39735f34313bfad930458630a333
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: 3afaa71de51452a12ed832020bf71eea4abc61d9dce85b592071bb3b3a47fb74
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 2e7c2188bd7e7b08595b0a80d7232a7d801e7e3b12c6267932be1903ddf1cee8
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: c6ef575312ad9bc7ba9868d8fd607746d38d6cc49aa8f1667d2e3c5385109683
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 8f9c7436be94da5d3662d83c2c2037fc44666e82beffc86a1951e26b40f9c909
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: 322992c231d9f57f468184c6be7b4e4d11b6c965604260f11614b0d9c46e5764
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: 32e79184fef417fb798953e77c7550f092eb364995e0140b14f333b5004dacdd
xorg-x11-server-debuginfo-1.20.11-17.el9.i686.rpm
SHA-256: 55c261168f356637a6076f496f5cbed37230b6224a3ad70e3741216803cff894
xorg-x11-server-debuginfo-1.20.11-17.el9.x86_64.rpm
SHA-256: c21347884405a33082016ee749d67fa2c04831d32ab32da9dd50e6c85a344ca5
xorg-x11-server-debugsource-1.20.11-17.el9.i686.rpm
SHA-256: 796006434c574971e426b3ee70dbe3ef99771b1ddda3298098c540021c9dd522
xorg-x11-server-debugsource-1.20.11-17.el9.x86_64.rpm
SHA-256: 57438a79609e52571d0658b3de7afcdf3a154b4b0766716110f8c2dc3fb452b7
xorg-x11-server-devel-1.20.11-17.el9.i686.rpm
SHA-256: 3549ea18031f75ca9e9fcdc09dfebb015b0dda919811730cdd489d184e3077ff
xorg-x11-server-devel-1.20.11-17.el9.x86_64.rpm
SHA-256: 2664960b9732e988873cab711949b355f0ee89581fbe362814b89c61bc653305
xorg-x11-server-source-1.20.11-17.el9.noarch.rpm
SHA-256: 81dae3cfd2e622a3000e1c75ff7c8654a3c7066e2ea5ce4d88fe0c533ca95078
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 84789c324ca0fc9294e4955491d753ed4b186bf79abb95aca188da7fce30e743
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 1ea84d3bc980d49924d50f482e02130543867431e585ecc2b30660ec9367b130
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: dfe78065170fd0d88189315787bcda3084333e5e77d5f991a432cde8eece23c5
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: cb235d2607754f01960c7e6cc35185702817e6acf1b368897ae64c962b30e2df
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 544a81b5a29afa89d78154bb2fb9aeee9d338ff6f35bca1845f69d3fdb6c574f
xorg-x11-server-debuginfo-1.20.11-17.el9.ppc64le.rpm
SHA-256: 71ffae1e5910934d7f8304a69c93deee8d120eb3e7b3a7e694c5a3fbe1aad5d6
xorg-x11-server-debugsource-1.20.11-17.el9.ppc64le.rpm
SHA-256: a69d669cb6be1694d4397d7a35d85368db2abf93931e21ba4bc413bc6f5f8da1
xorg-x11-server-devel-1.20.11-17.el9.ppc64le.rpm
SHA-256: 6a28a05cd5718520b0df387c3cde6506f0aa45122500b84b442311b1e00d587f
xorg-x11-server-source-1.20.11-17.el9.noarch.rpm
SHA-256: 81dae3cfd2e622a3000e1c75ff7c8654a3c7066e2ea5ce4d88fe0c533ca95078
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 5b692370d0745d4e529613b3cf05f2504764674cf99acedbe3494a9479cf68eb
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 1c049c0bfb82398e030572a31fab6bf3806dbea42053fdf9266cde39a498948c
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 1395b6ded9cd4e6dbf1f5ac4d08f0d7a23f0e72c64acdbfd0d39f0609b6a36d8
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 27212b89ed05a8556a98eb158fcc4370703f28b46063017df109467c55fff265
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 5414d99468a18516cc388538bc0bda04358049c35b51b53383fe43f0dd6c876f
xorg-x11-server-debuginfo-1.20.11-17.el9.aarch64.rpm
SHA-256: 28b154e5d25531f94692b6026cc16d515c0cb201709d3afeb590e5f7f7790827
xorg-x11-server-debugsource-1.20.11-17.el9.aarch64.rpm
SHA-256: 638687e39223b85dc03d02666015cb3f77b30f500f856e3369329d32c197c009
xorg-x11-server-devel-1.20.11-17.el9.aarch64.rpm
SHA-256: d5fc67ddfb2a2e93ffab955f2199af42428b2432b57b08e724d27b8daa206803
xorg-x11-server-source-1.20.11-17.el9.noarch.rpm
SHA-256: 81dae3cfd2e622a3000e1c75ff7c8654a3c7066e2ea5ce4d88fe0c533ca95078
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
xorg-x11-server-Xdmx-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: f4eadd31046478d0611ee14fc4adf0d45cbbff5cc5c1089c650c35c81b351369
xorg-x11-server-Xephyr-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 125fc982d94c7032947bb49c6242cc575499d7c008ae16cb93f0c0bddbe856f8
xorg-x11-server-Xnest-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 634594d3e982c9572cc9e58a24030a0d8da141440b95edc67a304fe8a87082e3
xorg-x11-server-Xorg-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 5414d5afa0017d116337fcc1518c55e853d8c2c8e050aa143094f9836e662b6d
xorg-x11-server-Xvfb-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: 47abb461d07c8be48499dcdadb178ef7ebc4ccf3a09fcfa25312143b4e623ee9
xorg-x11-server-debuginfo-1.20.11-17.el9.s390x.rpm
SHA-256: fb1e5ca1f8f5832acca5b73609410ea1e5574ab6059a5a53571990f259b59e84
xorg-x11-server-debugsource-1.20.11-17.el9.s390x.rpm
SHA-256: c25c1efa30cfe9d8bd39b35fad0c0d041b12879dc948f66c8c86d0925984a164
xorg-x11-server-devel-1.20.11-17.el9.s390x.rpm
SHA-256: b4a851ec6c4557cf8fd58ca8fbe3cb523b51d310a76709afdcca197f13afe525
xorg-x11-server-source-1.20.11-17.el9.noarch.rpm
SHA-256: 81dae3cfd2e622a3000e1c75ff7c8654a3c7066e2ea5ce4d88fe0c533ca95078
Related news
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Red Hat Security Advisory 2023-0671-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code exec...
Red Hat Security Advisory 2023-0664-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0665-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0623-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5740-1 - It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5740-1 - It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-8491-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include buffer overflow and memory leak vulnerabilities.
Red Hat Security Advisory 2022-8491-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include buffer overflow and memory leak vulnerabilities.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c * CVE-2022-3551: xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c * CVE-2022-3551: xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c
Debian Linux Security Advisory 5278-1 - It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.
Debian Linux Security Advisory 5278-1 - It was discovered that a buffer overflow in the _getCountedString() function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.