xorg-x11-server-1.20.11-23.el8
Errata ID: AXSA:2024-8367:09
Release date:
2024/06/18 Tuesday - 17:36
Title:
xorg-x11-server-1.20.11-23.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
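The following issues have been addressed.
[Security Fix]
- The ProcXIGetSelectedEvents() function in X.org has a heap
out-of-bounds read issue, so a vulnerability exists that allows
a local attacker to cause information disclosure and denial of
service via operations from a client on an architecture with
different endianness. (CVE-2024-31080)
- The ProcXIPassiveGrabDevice() function in X.org has a heap
out-of-bounds read issue, so a vulnerability exists that allows
a local attacker to cause information disclosure and denial of
service via operations from a client on an architecture with
different endianness. (CVE-2024-31081)
- The ProcRenderAddGlyphs() function in X.org has a
use-after-free issue, so a vulnerability exists that allows an
authenticated local attacker to execute arbitrary code by
sending a crafted request. (CVE-2024-31083)
Solution:
Update the packages.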
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
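The length handling described for CVE-2024-31080 and CVE-2024-31081, as an added example that is not X.org server code and not part of the original advisory: a reply length is converted in place for an opposite-endian client and then reused as the payload size. The `struct reply` layout and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical reply header: `length` counts 4-byte words of payload. */
struct reply { uint32_t length; };

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Converts the header in place to the client's byte order. */
static void swap_reply_for_client(struct reply *rep)
{
    rep->length = bswap32(rep->length);
}

/* Flawed pattern: the payload size is derived from the header after it
 * was swapped for the wire, so it no longer matches the buffer. */
static uint64_t payload_bytes_flawed(struct reply *rep, int client_swapped)
{
    if (client_swapped)
        swap_reply_for_client(rep);
    return (uint64_t)rep->length * 4;
}

/* Corrected pattern: capture the host-order size before swapping, and
 * send nothing (0) if it exceeds what the payload buffer holds. */
static uint64_t payload_bytes_fixed(struct reply *rep, int client_swapped,
                                    size_t buf_size)
{
    uint64_t bytes = (uint64_t)rep->length * 4;
    if (client_swapped)
        swap_reply_for_client(rep);
    return bytes <= buf_size ? bytes : 0;
}

int main(void)
{
    struct reply a = { 2 }, b = { 2 };  /* constructed: 8-byte payload */
    printf("flawed: %llu bytes\n",
           (unsigned long long)payload_bytes_flawed(&a, 1));
    printf("fixed:  %llu bytes\n",
           (unsigned long long)payload_bytes_fixed(&b, 1, 8));
    return 0;
}
```

A two-word payload becomes a 128 MiB read request once its length is byte-swapped, which is why small lengths produce large over-reads.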
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Additional information:
N/A
Download:
SRPMS
- xorg-x11-server-1.20.11-23.el8.src.rpm
MD5: 419f61934927ec98b305ae0e05414327
SHA-256: f83bedebcd3a26f57369d9a8d1e34ba19ecbfb8c6bbd98ba50a9e0403e8852f2
Size: 6.27 MB
Asianux Server 8 for x86_64
- xorg-x11-server-common-1.20.11-23.el8.x86_64.rpm
MD5: b9011cc88e0bfc86f7478228e04ecbd8
SHA-256: 5212bdc6d41b896e18c16f01edb582212f0772207c286fa6f7885ed099acf36b
Size: 44.02 kB
- xorg-x11-server-devel-1.20.11-23.el8.i686.rpm
MD5: afaa509b3fefc76fb849d477da9d75ec
SHA-256: 65b8eb4024b1778ca31a31ad01b6f02c2829d757f42c4a8900cd47da7f107acd
Size: 248.05 kB
- xorg-x11-server-devel-1.20.11-23.el8.x86_64.rpm
MD5: 75c35ec9a901e2db3daac917c4812f83
SHA-256: a763bdaef90bc74da8a3de9f4f28705318068571cccf2b8ac7c390ee6a64594b
Size: 248.02 kB
- xorg-x11-server-source-1.20.11-23.el8.noarch.rpm
MD5: e36cdae996836dfcfcb5d87527d61f12
SHA-256: fabe78ac463e45c63472d9f7fd4fff772bd028dab2716a88a5f9667fbd3b3be6
Size: 2.43 MB
- xorg-x11-server-Xdmx-1.20.11-23.el8.x86_64.rpm
MD5: c5dc920a9c53180cf9364d2b3da6eb8d
SHA-256: c112fceb0d41e294d3d6a0300e84ebdc2c8b775a311e5f030b401ee40d17eaa1
Size: 903.38 kB
- xorg-x11-server-Xephyr-1.20.11-23.el8.x86_64.rpm
MD5: 5c8ffd9e98ecbbe1921ce4c37c63b480
SHA-256: ac2223faac72acab5555a1cd78dd6461b21a3d0ea49fcf8ed543f041c0796bdf
Size: 1.00 MB
- xorg-x11-server-Xnest-1.20.11-23.el8.x86_64.rpm
MD5: 73144843bbb5db618e2aa150d132c90a
SHA-256: 1bd5aca4f2363dccc91e86d21e515ec1190a7523b77a14b902c01c52c0bb108b
Size: 720.36 kB
- xorg-x11-server-Xorg-1.20.11-23.el8.x86_64.rpm
MD5: 6e2deaa3930a3bb822ff730c46bac50a
SHA-256: 2d26c1b041b3d17738ec9310a5bc8103a8099e9875a2d4bae279f90e6c6be2da
Size: 1.49 MB
- xorg-x11-server-Xvfb-1.20.11-23.el8.x86_64.rpm
MD5: 255642b954f28efe46d6ef1f3a40b564
SHA-256: 217c87111e32532d977ce1fe87ee2be832eae73added640828915a456ce3249c
Size: 873.31 kB