CVE-2023-6816 (https://access.redhat.com/security/cve/CVE-2023-6816): A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

CVE-2024-0229 (https://access.redhat.com/security/cve/cve-2024-0229): An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device, which may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVE-2024-0408 (https://access.redhat.com/security/cve/CVE-2024-0408): SELinux unlabeled GLX PBuffer

CVE-2024-0409 (https://access.redhat.com/security/cve/CVE-2024-0409): SELinux context corruption

CVE-2024-21885 (https://access.redhat.com/security/cve/CVE-2024-21885): A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

CVE-2024-21886 (https://access.redhat.com/security/cve/CVE-2024-21886): A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

I could not find any official releases from X11 or the XWayland teams regarding these
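The sizing mistake behind CVE-2023-6816, modelled as an added example. This is constructed illustration code, not the X server's source: the device struct, the names `vulnerable_mask_len`, `hardened_mask_len` and `build_logical_mask`, and the 3-button sample device are all assumptions. The point it shows is the one the CVE text makes: a "buttons currently down" bitmask sized from the device's own button count has no room for a logical button that remapping has pushed up to 255, so the bit-set lands past the end of the allocation. The model refuses that write and reports it instead of corrupting memory; sizing the mask for the largest value a one-byte button number can take removes the condition.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_BUTTONS 256                  /* logical button numbers are 0..255 (one byte) */
#define BITS_TO_BYTES(n) (((n) + 7) / 8)

/* Constructed device model for illustration; not the X server's DeviceIntRec. */
typedef struct {
    int     num_buttons;                      /* physical buttons on this device */
    uint8_t map[MAX_BUTTONS];                 /* physical button -> logical button, 0..255 */
    uint8_t down[BITS_TO_BYTES(MAX_BUTTONS)]; /* bit set for each physical button held */
} device_t;

static void set_bit(uint8_t *mask, int bit) { mask[bit / 8] |= (uint8_t)(1u << (bit % 8)); }
static int  get_bit(const uint8_t *mask, int bit) { return (mask[bit / 8] >> (bit % 8)) & 1; }

/* Vulnerable sizing: only room for the device's own button count. */
static size_t vulnerable_mask_len(const device_t *dev) {
    return BITS_TO_BYTES(dev->num_buttons);
}

/* Hardened sizing: room for every logical value a byte can hold. */
static size_t hardened_mask_len(void) {
    return BITS_TO_BYTES(MAX_BUTTONS);
}

/* Translate held physical buttons into a logical-button bitmask of len bytes.
   Returns the number of bits set, or -1 if a write would land past the buffer.
   The unchecked original performed that write; this model refuses it. */
static int build_logical_mask(const device_t *dev, uint8_t *mask, size_t len) {
    int set = 0;
    memset(mask, 0, len);
    for (int phys = 1; phys <= dev->num_buttons; phys++) {
        if (!get_bit(dev->down, phys))
            continue;
        int logical = dev->map[phys];
        if ((size_t)(logical / 8) >= len)
            return -1;                        /* heap overflow in the original */
        set_bit(mask, logical);
        set++;
    }
    return set;
}

/* Constructed scenario: a 3-button device whose button 3 has been remapped
   to logical button 200 and is currently held down. */
static device_t sample_device(void) {
    device_t dev;
    memset(&dev, 0, sizeof dev);
    dev.num_buttons = 3;
    dev.map[1] = 1;
    dev.map[2] = 2;
    dev.map[3] = 200;
    set_bit(dev.down, 3);
    return dev;
}

/* 1 if the vulnerable sizing would overflow for the sample device, else 0. */
static int demo_vulnerable_overflows(void) {
    device_t dev = sample_device();
    uint8_t mask[BITS_TO_BYTES(MAX_BUTTONS)];
    return build_logical_mask(&dev, mask, vulnerable_mask_len(&dev)) == -1;
}

/* The logical bit recorded under the hardened sizing, or -1 on failure. */
static int demo_hardened_bit(void) {
    device_t dev = sample_device();
    uint8_t mask[BITS_TO_BYTES(MAX_BUTTONS)];
    if (build_logical_mask(&dev, mask, hardened_mask_len()) != 1)
        return -1;
    return get_bit(mask, 200) ? 200 : -1;
}
```

With the sample device the vulnerable sizing yields a one-byte mask (3 buttons rounds up to 8 bits) while the held button maps to bit 200, byte 25; the hardened sizing is 32 bytes regardless of the device, which is the shape of fix the CVE text implies.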
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc1106f96e16b0fe52503e4590924fc6359a167d

commit cc1106f96e16b0fe52503e4590924fc6359a167d
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-01-24 16:51:50 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-01-24 17:00:44 +0000

    x11-base/xwayland: Drop old versions

    Bug: https://bugs.gentoo.org/922395
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest                  |   1 -
 x11-base/xwayland/xwayland-23.2.3-r1.ebuild | 112 ----------------------------
 x11-base/xwayland/xwayland-23.2.3.ebuild    | 109 ---------------------------
 3 files changed, 222 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ebedef790e0fce465c97b698e866f03aa635808

commit 3ebedef790e0fce465c97b698e866f03aa635808
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-01-26 04:52:04 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-01-26 04:52:33 +0000

    x11-base/xorg-server: Drop old versions

    Bug: https://bugs.gentoo.org/922395
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                      |   1 -
 x11-base/xorg-server/xorg-server-21.1.10-r1.ebuild | 194 ---------------------
 2 files changed, 195 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=7b7fdd5a86cd28fc118fb133c98e81e2b15e0b92

commit 7b7fdd5a86cd28fc118fb133c98e81e2b15e0b92
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 11:33:19 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 11:35:22 +0000

    [ GLSA 202401-30 ] X.Org X Server, XWayland: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/916254
    Bug: https://bugs.gentoo.org/919803
    Bug: https://bugs.gentoo.org/922395
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-30.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)