xorg-x11-server-1.20.4-27.el7
Errata ID: AXSA:2024-7440:02
Release date:
2024/01/23 Tuesday - 02:59
Title:
xorg-x11-server-1.20.4-27.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The X.Org X server allocates space for only the device's own number of mouse buttons rather than for the number of logical buttons the X11 protocol allows, causing a heap overflow. A local attacker can trigger memory corruption and a denial of service via a crafted DeviceFocusEvent or XIQueryPointer message. (CVE-2023-6816)
- X.Org does not call the XACE hook when creating a GLX PBuffer, so the buffer is left unlabeled. A local attacker can cause a denial of service (crash) by issuing a request such as GetGeometry that accesses the buffer, or by creating another resource that accesses it. (CVE-2024-0409 is separate; this is CVE-2024-0408)
- The mouse cursor creation code in X.Org's Xephyr and Xwayland creates its private data under the wrong key, allowing a local attacker to corrupt the SELinux context. (CVE-2024-0409)
Details of the following CVEs have not been published at this time.
This page will be updated once the CVE information is published.
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
Solution:
Update the packages.
CVE:
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
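The allocation mismatch behind CVE-2023-6816, as an added C example that is not X server code: a device with five physical buttons gets a buttons-down mask sized for five bits (rounded up to the 4-byte words X11 replies are padded to), but one button has been remapped to logical 200, so setting its bit would land 21 bytes past the end of that buffer. The Device struct, the helper names and the 4-byte rounding are assumptions of this example; the hardened path sizes the mask for the largest logical button number a mapping can produce (256 bits) and refuses to set any bit that would fall outside the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of a pointer device, constructed for this example.
 * It is not xserver code: the struct layout and names are assumptions. */
#define MAX_BUTTONS  256   /* logical button numbers are one byte, so 0..255 */
#define MAX_PHYSICAL 32

typedef struct {
    int     numButtons;            /* physical buttons the device reports */
    uint8_t map[MAX_PHYSICAL];     /* physical index -> logical button (as set by XSetPointerMapping) */
    uint8_t down[MAX_PHYSICAL];    /* 1 if physical button i is currently pressed */
} Device;

static size_t bits_to_bytes(size_t bits) { return (bits + 7) / 8; }
/* X11 replies are padded to 32-bit words, so round the mask up to 4 bytes. */
static size_t pad_to_int32(size_t bytes) { return ((bytes + 3) / 4) * 4; }

/* Unpatched sizing: the mask only gets room for the device's own button count. */
size_t vulnerable_mask_bytes(const Device *d) {
    return pad_to_int32(bits_to_bytes((size_t)d->numButtons));
}

/* Patched sizing: room for every logical number a mapping can produce. */
size_t fixed_mask_bytes(void) {
    return pad_to_int32(bits_to_bytes(MAX_BUTTONS));
}

/* Build the "buttons currently down" bitmask that DeviceFocusEvent and the
 * XIQueryPointer reply carry. A pressed physical button sets the bit of its
 * LOGICAL number, which is why the buffer must be sized for the mapping and
 * not for numButtons. Returns how many bits fell outside the buffer; the
 * unpatched server had no such check and wrote them past the allocation. */
int set_button_mask(const Device *d, uint8_t *mask, size_t mask_len) {
    int out_of_bounds = 0;
    memset(mask, 0, mask_len);
    for (int i = 0; i < d->numButtons && i < MAX_PHYSICAL; i++) {
        if (!d->down[i])
            continue;
        unsigned logical = d->map[i];
        size_t   byte    = logical / 8;
        if (byte >= mask_len) {        /* would overflow: count it and drop the bit */
            out_of_bounds++;
            continue;
        }
        mask[byte] |= (uint8_t)(1u << (logical % 8));
    }
    return out_of_bounds;
}

/* Device with n physical buttons and the default mapping (physical i -> logical i+1). */
Device make_device(int n) {
    Device d;
    memset(&d, 0, sizeof d);
    d.numButtons = n;
    for (int i = 0; i < n && i < MAX_PHYSICAL; i++)
        d.map[i] = (uint8_t)(i + 1);
    return d;
}

int main(void) {
    Device d = make_device(5);
    d.map[2]  = 200;   /* remap the third button to logical 200: legal, up to 255 */
    d.down[2] = 1;
    uint8_t mask[32];  /* large enough for fixed_mask_bytes() */

    size_t vlen = vulnerable_mask_bytes(&d);
    printf("unpatched buffer: %zu bytes, bits dropped as out of bounds: %d\n",
           vlen, set_button_mask(&d, mask, vlen));
    size_t flen = fixed_mask_bytes();
    printf("patched buffer:   %zu bytes, bits dropped as out of bounds: %d\n",
           flen, set_button_mask(&d, mask, flen));
    return 0;
}
```

Note that the bounds check in set_button_mask is defence in depth: with the patched sizing no bit can be out of range, but a check at the write site is what turns a future sizing mistake into a dropped bit instead of a heap write.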
CVE-2024-0229
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-0408
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVE-2024-0409
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
CVE-2024-21885
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21886
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional information:
N/A
Download:
SRPMS
- xorg-x11-server-1.20.4-27.el7.src.rpm
MD5: 8bd9b5120de9468a833cd8424f1151d9
SHA-256: bc648503776db61312dd8ba84712e9d87540d1da19d5f52b04563280c1c45af6
Size: 5.96 MB
Asianux Server 7 for x86_64
- xorg-x11-server-common-1.20.4-27.el7.x86_64.rpm
MD5: 0e5cd46db0da4fa515bd6e3cb1331579
SHA-256: 7e7b0eb52a178b761421302d9983b048e65e51dfbeb1ab2ac5320cec4936f4e4
Size: 56.82 kB
- xorg-x11-server-Xephyr-1.20.4-27.el7.x86_64.rpm
MD5: bbaef943ba4b572bd40c94878d52c544
SHA-256: e9798447283817959442cff1c9d158c88064398deec0ac9eca3283c62920ee91
Size: 0.98 MB
- xorg-x11-server-Xorg-1.20.4-27.el7.x86_64.rpm
MD5: a813bcbe1353420b885953080ccfe768
SHA-256: a1843d2ebf3497826ce54d060b81b11209286096e55612cbe636def95c5c5018
Size: 1.45 MB
- xorg-x11-server-Xwayland-1.20.4-27.el7.x86_64.rpm
MD5: 183c1fa5a7fdfe0e92f75d0891099d63
SHA-256: 01395c42446e3e5a24a48d0e7b6314ddd1826b81cf0982d11007817652ac3516
Size: 952.50 kB
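Verifying the downloaded packages against the SHA-256 values above, as an added shell example that is not part of the advisory: the table of filenames and digests is copied from the download section, the files are assumed to be in the current directory, and either sha256sum (coreutils) or shasum (perl) is assumed to be installed. The function names are this example's own.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the advisory's SHA-256 digests.
# Assumes the RPMs are in the current directory and sha256sum or shasum exists.

# "filename sha256" pairs copied from the advisory's download section.
ADVISORY_SHA256='
xorg-x11-server-1.20.4-27.el7.src.rpm bc648503776db61312dd8ba84712e9d87540d1da19d5f52b04563280c1c45af6
xorg-x11-server-common-1.20.4-27.el7.x86_64.rpm 7e7b0eb52a178b761421302d9983b048e65e51dfbeb1ab2ac5320cec4936f4e4
xorg-x11-server-Xephyr-1.20.4-27.el7.x86_64.rpm e9798447283817959442cff1c9d158c88064398deec0ac9eca3283c62920ee91
xorg-x11-server-Xorg-1.20.4-27.el7.x86_64.rpm a1843d2ebf3497826ce54d060b81b11209286096e55612cbe636def95c5c5018
xorg-x11-server-Xwayland-1.20.4-27.el7.x86_64.rpm 01395c42446e3e5a24a48d0e7b6314ddd1826b81cf0982d11007817652ac3516
'

# Print the lowercase hex SHA-256 of a file with whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_file FILE EXPECTED_SHA256: exit status 0 on match, 1 on mismatch or missing file.
verify_file() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "MISSING  $file"; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (got $actual)"
    return 1
}

# Check every advisory package present in the current directory.
# Returns 1 if any present file fails; absent files are skipped, not failed,
# so a host that only installed the x86_64 binaries is not penalised for the SRPM.
verify_advisory_rpms() {
    failed=0
    while read -r name hash; do
        [ -n "$name" ] && [ -f "$name" ] || continue
        verify_file "$name" "$hash" || failed=1
    done <<EOF
$ADVISORY_SHA256
EOF
    return $failed
}

verify_advisory_rpms
```

Compare against the SHA-256 values only; the MD5 digests are listed for legacy tooling and MD5 is not collision resistant, so a matching MD5 on its own does not establish that the file is the one the advisory published.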