xorg-x11-server-1.20.4-19.el7

エラータID: AXSA:2022-4082:03

Release date: 
Thursday, November 17, 2022 - 00:29
Subject: 
xorg-x11-server-1.20.4-19.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-3550
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
CVE-2022-3551
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

Solution: 

Update packages.

CVEs: 
CVE-2022-3550
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
CVE-2022-3551
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.4-19.el7.src.rpm
    MD5: a1628694d0bbdc98c7bae43b392a0ff6
    SHA-256: 8ec23362da739f42228cf5b1c2fd5c404e18add551f88cf46039bcedd5f95860
    Size: 5.94 MB

Asianux Server 7 for x86_64
  1. xorg-x11-server-common-1.20.4-19.el7.x86_64.rpm
    MD5: 9a21212a03a9b78dd1aa2b30947f4d24
    SHA-256: cfbda4733752b4bb6d110626f8bf03068da335adeb57c420e9bc3e2a9f26a7d2
    Size: 55.36 kB
  2. xorg-x11-server-Xephyr-1.20.4-19.el7.x86_64.rpm
    MD5: 8e71b33abc25b553390c5f3397d52c7c
    SHA-256: 39cd9d9934b4b0d836a60f4244fd611c5f762384b2624fed0a0931fe04d31367
    Size: 0.98 MB
  3. xorg-x11-server-Xorg-1.20.4-19.el7.x86_64.rpm
    MD5: 4b13c8f05eea6928de4246e838da84e5
    SHA-256: 0a6feb59679ca900f3bb55a409cf34da48ea9b63d4020fa8b2f66b0ee35aa709
    Size: 1.45 MB
  4. xorg-x11-server-Xwayland-1.20.4-19.el7.x86_64.rpm
    MD5: bee32d4860e6abfc641566fad2a1fa08
    SHA-256: 18282631aea7424d510492fe96c1bdae8875a9fe034a025455b52b92a9072f86
    Size: 950.94 kB