xorg-x11-server-Xwayland-21.1.3-16.el8
エラータID: AXSA:2024-8340:03
リリース日:
2024/06/18 Tuesday - 15:56
題名:
xorg-x11-server-Xwayland-21.1.3-16.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org の ProcXIGetSelectedEvents() 関数には、ヒープ領域
の範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31080)
- X.org の ProcXIPassiveGrabDevice() 関数には、ヒープ領域
の範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31081)
- X.org の ProcRenderAddGlyphs() 関数には、メモリ領域の
解放後利用の問題があるため、認証されたローカルの攻撃者
により、細工されたリクエストの送信を介して、任意のコード
の実行を可能とする脆弱性が存在します。(CVE-2024-31083)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
追加情報:
N/A
ダウンロード:
SRPMS
- xorg-x11-server-Xwayland-21.1.3-16.el8.src.rpm
MD5: b43942ccc23f5328dd6926b4800989f7
SHA-256: c17da41cf1283bedcbe5ecbb055e11a64bb36dcf75be03306d8534092f0abaa4
Size: 1.25 MB
Asianux Server 8 for x86_64
- xorg-x11-server-Xwayland-21.1.3-16.el8.x86_64.rpm
MD5: 89d4f6418084e55a312b5cb6c78c6762
SHA-256: 41d623cfab7d7a5abcade0c9f77e63265c044da75c80f888abc8e180c73eac8f
Size: 965.54 kB
English