Multiple input validation failures in X server extensions
=========================================================

All these issues can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

* CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access

  The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length, leading to an out-of-bounds memory write.

* CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

  The handler for the ProcXkbSetDeviceInfo request of the Xkb extension does not properly validate the request length, leading to an out-of-bounds memory write.
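As an added illustration (not code from the advisory, X.Org or Gentoo), this is the class of request-length check the two Xkb handlers are described as lacking. It uses a constructed, simplified request layout and sample buffers, not the real Xkb wire format.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified X-style request layout (not the real XkbSetGeometry
 * or XkbSetDeviceInfo wire format): an 8-byte header whose 16-bit little-endian
 * `length` field gives the total request size in 4-byte units, then `n_items`
 * counted items. Each item is a 1-byte payload length plus payload, padded to a
 * 4-byte boundary. */
#define REQ_HDR_SIZE 8u
#define PAD4(n) (((n) + 3u) & ~(size_t)3u)

/* Bounds-check a request before any handler walks its variable part.
 * Returns the item count (>= 0) when every item the header promises lies
 * inside the `declared` bytes, or -1 otherwise. This is the class of check the
 * advisory says both Xkb handlers lacked: client-supplied counts were trusted
 * without comparing them against the bytes actually received. */
int validate_request(const uint8_t *buf, size_t received)
{
    size_t declared, off, item_len;
    unsigned n_items, i;

    if (received < REQ_HDR_SIZE)
        return -1;
    declared = ((size_t)buf[2] | ((size_t)buf[3] << 8)) * 4u;
    n_items = buf[4];
    /* The server reads exactly `declared` bytes; any handler read beyond that
     * offset is an out-of-bounds access. */
    if (declared < REQ_HDR_SIZE || declared > received)
        return -1;

    off = REQ_HDR_SIZE;
    for (i = 0; i < n_items; i++) {
        if (off + 1 > declared)              /* room for the length byte? */
            return -1;
        item_len = buf[off];
        if (item_len > declared - off - 1)   /* room for the payload? */
            return -1;
        off = PAD4(off + 1 + item_len);      /* next item starts 4-aligned */
    }
    return (int)n_items;
}

/* Constructed samples. good_req: 16 bytes, two well-formed items. bad_count:
 * identical bytes but the header claims 40 items. bad_item: one item whose
 * length byte (200) runs far past the 16 bytes received. */
const uint8_t good_req[16]  = { 0x80, 0x01, 0x04, 0x00, 0x02, 0, 0, 0,
                                0x02, 0xAA, 0xBB, 0x00, 0x01, 0xCC, 0, 0 };
const uint8_t bad_count[16] = { 0x80, 0x01, 0x04, 0x00, 0x28, 0, 0, 0,
                                0x02, 0xAA, 0xBB, 0x00, 0x01, 0xCC, 0, 0 };
const uint8_t bad_item[16]  = { 0x80, 0x01, 0x04, 0x00, 0x01, 0, 0, 0,
                                0xC8, 0xAA, 0xBB, 0x00, 0x01, 0xCC, 0, 0 };
```

The check rejects a request as soon as a count or item length would carry the walk past the bytes the server actually received, which is the point at which an unchecked handler starts reading or writing out of bounds.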
Dropping version from summary as there's no fixed version in tree yet.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca3090608d19325d661cd5adcc0bacae1f27e631

commit ca3090608d19325d661cd5adcc0bacae1f27e631
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-12 22:40:07 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-12 23:54:02 +0000

    x11-base/xwayland: Version bump to 22.1.3

    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   1 +
 x11-base/xwayland/xwayland-22.1.3.ebuild | 100 +++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e34eee57d1bdb2ed4b9655b0e040190f8dce458

commit 8e34eee57d1bdb2ed4b9655b0e040190f8dce458
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-12 22:39:48 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-12 23:54:02 +0000

    x11-base/xorg-server: Version bump to 21.1.4

    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                  |   1 +
 x11-base/xorg-server/xorg-server-21.1.4.ebuild | 188 +++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
Matt mentioned that the old xorg series will need a release (1.20.x).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=131060c8153116f05ddcee1a3f3e43cbe4c6587d

commit 131060c8153116f05ddcee1a3f3e43cbe4c6587d
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-08-29 23:47:35 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-08-29 23:51:04 +0000

    profiles: Mask x11-base/xorg-server-1.20 for removal

    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Thanks Matt!
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d903ef303340948f964b5f3ec4991a84fef98411

commit d903ef303340948f964b5f3ec4991a84fef98411
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:25:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:16 +0000

    [ GLSA 202210-30 ] X.Org X server, XWayland: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-30.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
GLSA released, all done!