CVE-2024-9632:

The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, it didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).

The above is fixed in:
x11-base/xwayland: 24.1.4
x11-base/xorg-server: 21.1.14

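
The bookkeeping mistake described in the report above, as an added C model that is not the X server's code and not part of the original report. Only the names `sym_interpret`, `num_si` and `size_si` come from the report; the struct layout, the `real_alloc` shadow field and the functions `grow`, `resize_buggy`, `resize_fixed`, `invariant_ok` and `demo` are assumptions made for illustration.

```c
#include <stdlib.h>

typedef struct { unsigned char bytes[8]; } SymInterpret; /* stand-in entry type */
typedef struct {
    SymInterpret *sym_interpret;
    unsigned short num_si;   /* entries in use */
    unsigned short size_si;  /* entries the struct records as allocated */
    size_t real_alloc;       /* model-only: entries actually allocated */
} CompatMap;

/* Shared reallocation step: 0 on success, -1 on failure or zero size. */
static int grow(CompatMap *c, unsigned short want)
{
    SymInterpret *p = want ? realloc(c->sym_interpret, want * sizeof(*p)) : NULL;
    if (p == NULL) return -1;
    c->sym_interpret = p;
    c->real_alloc = want;
    return 0;
}

/* Pattern from the report: num_si changes, size_si keeps its old value. */
int resize_buggy(CompatMap *c, unsigned short want)
{
    if (grow(c, want) != 0) return -1;
    c->num_si = want;
    return 0;
}

/* Corrected pattern: count and recorded capacity change together. */
int resize_fixed(CompatMap *c, unsigned short want)
{
    if (grow(c, want) != 0) return -1;
    c->num_si = c->size_si = want;
    return 0;
}

/* What later bounds checks rely on: num_si <= size_si == real allocation. */
int invariant_ok(const CompatMap *c)
{
    return c->num_si <= c->size_si && c->size_si == c->real_alloc;
}

/* Resize an 8-entry map: 1 if bookkeeping is consistent, 0 if not, -1 on error. */
int demo(int (*resize)(CompatMap *, unsigned short), unsigned short want)
{
    CompatMap c = { calloc(8, sizeof(SymInterpret)), 8, 8, 8 };
    int ok = (c.sym_interpret && resize(&c, want) == 0) ? invariant_ok(&c) : -1;
    free(c.sym_interpret);
    return ok;
}
```

In the model, shrinking to 4 entries leaves `size_si` claiming 8 while only 4 are allocated, and growing to 16 leaves `num_si` above `size_si`; either way, code that trusts the recorded capacity no longer matches the heap block.
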
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72261e947621455a03db89d1aa060be54db21227

commit 72261e947621455a03db89d1aa060be54db21227
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-10-30 01:42:46 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-10-30 01:45:27 +0000

    x11-base/xorg-server: Version bump to 21.1.14

    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                   |   1 +
 x11-base/xorg-server/xorg-server-21.1.14.ebuild | 195 ++++++++++++++++++++++++
 2 files changed, 196 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8904d352fb971fc3d1c9fb78e2b54f0c572c82

commit bd8904d352fb971fc3d1c9fb78e2b54f0c572c82
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-10-30 01:40:43 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-10-30 01:40:51 +0000

    x11-base/xwayland: Version bump to 24.1.4

    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   1 +
 x11-base/xwayland/xwayland-24.1.4.ebuild | 133 +++++++++++++++++++++++++++++++
 2 files changed, 134 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d79b2d4b8afe72c02518708d428ec96fe80b3dd1

commit d79b2d4b8afe72c02518708d428ec96fe80b3dd1
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-11-06 01:18:05 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-11-06 01:21:39 +0000

    x11-base/xorg-server: Drop old versions

    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                      |   1 -
 .../files/xorg-server-21.1.10-fix-c99-32bit.patch  |  54 ------
 x11-base/xorg-server/xorg-server-21.1.13-r1.ebuild | 197 ---------------------
 3 files changed, 252 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9d38db782e6834a127a554309f114f6784c9e3bf

commit 9d38db782e6834a127a554309f114f6784c9e3bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-17 09:49:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-17 09:49:37 +0000

    [ GLSA 202411-08 ] X.Org X server, XWayland: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/928531
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-08.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6802a1eef6251b412a39824a80bb85273a24ad4

commit b6802a1eef6251b412a39824a80bb85273a24ad4
Author:     Viorel Munteanu <ceamac@gentoo.org>
AuthorDate: 2024-11-17 12:49:46 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2024-11-17 12:51:14 +0000

    net-misc/tigervnc: update xorg-server sources

    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-misc/tigervnc/Manifest | 1 +
 .../tigervnc/{tigervnc-1.14.1-r1.ebuild => tigervnc-1.14.1-r2.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bc91a98f74717368bddd63539d7b4e06d7934c0

commit 9bc91a98f74717368bddd63539d7b4e06d7934c0
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-11-25 19:01:24 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-11-25 19:02:18 +0000

    x11-base/xwayland: Drop old versions

    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   2 -
 x11-base/xwayland/xwayland-24.1.2.ebuild | 133 -------------------------------
 x11-base/xwayland/xwayland-24.1.3.ebuild | 133 -------------------------------
 3 files changed, 268 deletions(-)