xorg-x11-server-1.20.11-17.el9

エラータID: AXSA:2023-5547:02

Release date: 
Friday, May 26, 2023 - 07:47
Subject: 
xorg-x11-server-1.20.11-17.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.2 Release Notes linked from the References section.

CVE-2022-3550
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
CVE-2022-3551
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
CVE-2022-4283
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVE-2022-46343
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Solution: 

Update packages.

CVEs: 
CVE-2022-3550
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
CVE-2022-3551
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
CVE-2022-4283
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVE-2022-46343
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.11-17.el9.src.rpm
    MD5: 57f9744954b68385ffd967ea0d869889
    SHA-256: 3acf05591dc6dcbe7be43420e7ae3058b0177759405993e13805034e74fcae81
    Size: 6.24 MB

Asianux Server 9 for x86_64
  1. xorg-x11-server-common-1.20.11-17.el9.x86_64.rpm
    MD5: a0643f295e814a6843faa9fa5542ff7d
    SHA-256: ffb5f60542925e1d0d53de35a6eb4c248c61ae1256629c5ae882b7d36e9dd232
    Size: 34.40 kB
  2. xorg-x11-server-devel-1.20.11-17.el9.i686.rpm
    MD5: 5f9633bcd5b4e0d0b47a541aa6d43c29
    SHA-256: eb2b59d83bc77a4df74a9a980e11931c130c403ef3fafc70782667fdeb05f96a
    Size: 215.89 kB
  3. xorg-x11-server-devel-1.20.11-17.el9.x86_64.rpm
    MD5: f40b017e6eca121634caf8317e4664ba
    SHA-256: e3708cbf9a0aa4d7a27e104c11bdcb9f95b856b184b1cb0bed4dba89b933988e
    Size: 215.87 kB
  4. xorg-x11-server-source-1.20.11-17.el9.noarch.rpm
    MD5: 8c86ed6f9e34b2234df0d78d5f46c95f
    SHA-256: b952d3eada92a840c2c6f257e305558be73b99e0ed34f5c9ee0b393117c82071
    Size: 2.09 MB
  5. xorg-x11-server-Xdmx-1.20.11-17.el9.x86_64.rpm
    MD5: cbb85b5f09ee8678d7fa5312a8acf43a
    SHA-256: 73303a97fb48185251e4328d07033636f2c8619ae5d4adef30af71ab56566342
    Size: 888.73 kB
  6. xorg-x11-server-Xephyr-1.20.11-17.el9.x86_64.rpm
    MD5: ad45146bb3b4929597c6460bb58a0689
    SHA-256: 04245e6e2bc7d774af498bdd17154c8d3a4dfb435932b072f6d5089a07e9ffa0
    Size: 1.02 MB
  7. xorg-x11-server-Xnest-1.20.11-17.el9.x86_64.rpm
    MD5: 125341866476526c843a3c9c54726fc3
    SHA-256: 65afef9959cff3caf8417a339fa7cbbf9a3e16ed264ed3b7dd4f511c5d4c1bae
    Size: 719.06 kB
  8. xorg-x11-server-Xorg-1.20.11-17.el9.x86_64.rpm
    MD5: aa8b163d739af1248ee51c5fcf3290e1
    SHA-256: 391839039fc9337166050adb09299dda24814e776afd8b44cafeaf05612a4b27
    Size: 1.45 MB
  9. xorg-x11-server-Xvfb-1.20.11-17.el9.x86_64.rpm
    MD5: 1e8295e41a9ade664954e5921641079b
    SHA-256: c286b9d076411402f0e74265fa688b675f4053ea0085a9bc2311b431c81cb92d
    Size: 894.47 kB