xorg-x11-server-1.20.4-25.el7

エラータID: AXSA:2024-7356:01

Release date: 
Thursday, January 11, 2024 - 04:29
Subject: 
xorg-x11-server-1.20.4-25.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-6377
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-6478
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Solution: 

Update packages.

CVEs: 
CVE-2023-6377
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-6478
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.4-25.el7.src.rpm
    MD5: 84495af2980d9c24a74ca21a5a80b68d
    SHA-256: 66eae27f72ce6b8ebf06c61525d7f6aef7cb403a56c8232e87a422078a638398
    Size: 5.95 MB

Asianux Server 7 for x86_64
  1. xorg-x11-server-common-1.20.4-25.el7.x86_64.rpm
    MD5: b8cfc00a3271ff1028f3244f5b2521e6
    SHA-256: d97e1dbf199fa0547379848196d54b250fa01a0db8d0a1f1721b615678ec6609
    Size: 56.23 kB
  2. xorg-x11-server-Xephyr-1.20.4-25.el7.x86_64.rpm
    MD5: 95600282e288e8c5c5d74eeec196d439
    SHA-256: 47e3be51073c09972179c56c856658e28f6982d4886622b616f4be8a64fbc83b
    Size: 0.98 MB
  3. xorg-x11-server-Xorg-1.20.4-25.el7.x86_64.rpm
    MD5: 2ad95ed7564e44035a8cae9eb6d00e60
    SHA-256: a0fc572492d462bb98e74be81dd275d5c8ffb5137f84ad68df95d95b9dbee2b3
    Size: 1.45 MB
  4. xorg-x11-server-Xwayland-1.20.4-25.el7.x86_64.rpm
    MD5: b60f83ad61b81a2ea8b510e89a354fd0
    SHA-256: 7cf7c7aa872735c1e32e1723a21275860212937f2adf2951fe7eaf8ddd474151
    Size: 952.14 kB