xorg-x11-server-1.20.4-21.el7

Errata ID: AXSA:2023-4658:01

Release date: 
Wednesday, January 11, 2023 - 02:19
Subject: 
xorg-x11-server-1.20.4-21.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)
* xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)
* xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
* xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
* xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
* xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access (CVE-2022-46344)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-4283
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X se
CVE-2022-46343
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Solution: 

Update packages.
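
One way to confirm which of this advisory's binary packages on a host are still older than the fixed build 1.20.4-21.el7, as an added example that is not part of the original advisory. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag xorg-x11-server subpackages older than the fixed build.
FIXED_VR="1.20.4-21.el7"   # version-release taken from this advisory

# Returns 0 when version-release $1 sorts strictly before $2.
# Assumption: GNU `sort -V` ordering approximates RPM's comparison; that
# holds for plain dotted version-release strings without an epoch.
vr_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, e.g. the output of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'xorg-x11-server*'
# and prints the advisory's packages that still need the update.
needs_update() {
    local name vr
    while read -r name vr; do
        case "$name" in
            xorg-x11-server-common|xorg-x11-server-Xephyr|\
            xorg-x11-server-Xorg|xorg-x11-server-Xwayland)
                if vr_older "$vr" "$FIXED_VR"; then
                    printf '%s %s\n' "$name" "$vr"
                fi ;;
        esac
    done
}

# Constructed sample inventory (not from a real host): one package already
# fixed, two older builds, and one unrelated package that must be ignored.
sample_inventory() {
    cat <<'EOF'
xorg-x11-server-common 1.20.4-21.el7
xorg-x11-server-Xorg 1.20.4-10.el7
xorg-x11-server-Xwayland 1.20.4-9.el7
xorg-x11-drv-evdev 2.10.6-1.el7
EOF
}

sample_inventory | needs_update
```

On a real system, pipe the `rpm -qa` query shown in the comment into `needs_update`; empty output means every installed subpackage is at or above the fixed build.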

Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.4-21.el7.src.rpm
    MD5: 233a8a7151c9c5ddcbe1759c453b4bb7
    SHA-256: a44ca4784418f8acbde3ceda003a7bd090a427cab407712873c39c90a46ce5c2
    Size: 5.94 MB

Asianux Server 7 for x86_64
  1. xorg-x11-server-common-1.20.4-21.el7.x86_64.rpm
    MD5: 349b012ce30c848198390167df6061ae
    SHA-256: 345a5faede60b9a2e92521f9aa26b0c8de911a61956b27aaabe5347358ef641d
    Size: 55.70 kB
  2. xorg-x11-server-Xephyr-1.20.4-21.el7.x86_64.rpm
    MD5: ec0f4a813f7a2806898d66f77fadfe8e
    SHA-256: f68f6ff52c569962434058c112e21142f5459a1932a97c4185de6f80e50d7eb7
    Size: 0.98 MB
  3. xorg-x11-server-Xorg-1.20.4-21.el7.x86_64.rpm
    MD5: a2e0db4f77246153a13e2c30eb587db0
    SHA-256: 888dfbabcec7a79a126aadb28638f5c50d840f10deb923d192f77b44d9bb094d
    Size: 1.45 MB
  4. xorg-x11-server-Xwayland-1.20.4-21.el7.x86_64.rpm
    MD5: 6fc2ac50dd8fd7d6071cc3d186f378c9
    SHA-256: 64300277441584b9b21a4782b6ba5ae4e982e7d42a3e100028e33131a18dfeb8
    Size: 951.37 kB