xorg-x11-server-1.20.11-26.el9
Errata ID: AXSA:2024-9299:11
Release date:
2024/12/12 Thursday - 20:41
Title:
xorg-x11-server-1.20.11-26.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
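The following issues have been addressed.
[Security Fix]
- The ProcXIGetSelectedEvents() function in X.org has a heap
out-of-bounds read issue, resulting in a vulnerability that allows
a local attacker to cause information disclosure and denial of
service through operations from a client on an architecture with a
different endianness. (CVE-2024-31080)
- The ProcXIPassiveGrabDevice() function in X.org has a heap
out-of-bounds read issue, resulting in a vulnerability that allows
a local attacker to cause information disclosure and denial of
service through operations from a client on an architecture with a
different endianness. (CVE-2024-31081)
- The ProcRenderAddGlyphs() function in X.org has a use-after-free
issue, resulting in a vulnerability that allows an authenticated
local attacker to execute arbitrary code by sending a crafted
request. (CVE-2024-31083)
Solution:
Update the packages.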
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
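The byte-swapped length flaw described for CVE-2024-31080 and CVE-2024-31081, as an added example that is not X.org source code and not part of this advisory. It is a simplified C model (the reply struct, function names and sizes are assumptions) comparing a payload size read after the header was swapped in place with one captured before the swap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: reply header whose `length` counts 4-byte words. */
typedef struct { uint16_t sequence; uint32_t length; } reply_hdr;

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Stand-in for a per-reply swap routine: rewrites the header in place
 * into the client's byte order before it goes on the wire. */
static void swap_reply_in_place(reply_hdr *rep) {
    rep->sequence = (uint16_t)((rep->sequence >> 8) | (rep->sequence << 8));
    rep->length = swap32(rep->length);
}

/* Flawed pattern: payload size derived from the header AFTER the swap. */
size_t payload_bytes_flawed(uint32_t words, int client_swapped) {
    reply_hdr rep = { 1, words };
    if (client_swapped) swap_reply_in_place(&rep);
    return (size_t)rep.length * 4;
}

/* Corrected pattern: size captured in host order BEFORE the swap. */
size_t payload_bytes_fixed(uint32_t words, int client_swapped) {
    reply_hdr rep = { 1, words };
    size_t nbytes = (size_t)rep.length * 4;
    if (client_swapped) swap_reply_in_place(&rep);
    return nbytes;
}

/* Defence in depth: never copy more than the source buffer holds. */
size_t copy_payload(uint8_t *out, size_t out_cap,
                    const uint8_t *buf, size_t buf_len, size_t want) {
    if (want > buf_len || want > out_cap) return 0;
    memcpy(out, buf, want);
    return want;
}

int main(void) {
    /* Constructed case: a 2-word (8-byte) payload for a swapped client. */
    printf("flawed: %zu bytes, fixed: %zu bytes\n",
           payload_bytes_flawed(2, 1), payload_bytes_fixed(2, 1));
    return 0;
}
```

A two-word payload becomes a request for 134217728 bytes in the flawed path, which is why small length values lead to large attempted out-of-bounds reads.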
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Additional information:
N/A
Downloads:
SRPMS
- xorg-x11-server-1.20.11-26.el9.src.rpm
MD5: 0e2f591fc44c2fc27cffe5ac89dfe508
SHA-256: fbc6d9139b07f1a8b8fb2b82dcf35a11497d21c4502d9ff8004e9755fb9ba357
Size: 6.28 MB
Asianux Server 9 for x86_64
- xorg-x11-server-common-1.20.11-26.el9.x86_64.rpm
MD5: 8010cc2cda97f3ca1d8e1b39f140eaa1
SHA-256: cee096c52aa1c6457d3ced1c9f53f08dc479fb388976213e94a080156fac76c3
Size: 34.48 kB
- xorg-x11-server-devel-1.20.11-26.el9.i686.rpm
MD5: ac45aa9f23d06ff4ce981315b7079612
SHA-256: 0dfbdb2b5e077221022b4425b9a79f81516ed81ea117c93fd67b4175a48fb01b
Size: 252.08 kB
- xorg-x11-server-devel-1.20.11-26.el9.x86_64.rpm
MD5: 2aece8322a3494ad5fdb6aa1c5c0849b
SHA-256: eba8ded0f1e29528db7777ad8fd78e02342d3859b2fe354268c494c90158fdad
Size: 252.10 kB
- xorg-x11-server-source-1.20.11-26.el9.noarch.rpm
MD5: 7d46437898c117432e601ae635d402b4
SHA-256: e5bc5f6ef23ab468970a33767b5b9c515f1a6acbb5097b66036875482b3ec292
Size: 2.37 MB
- xorg-x11-server-Xdmx-1.20.11-26.el9.x86_64.rpm
MD5: be7f9e99904b00a8f153a6d8cc8dc39d
SHA-256: 83f61a04c3ee7b5edb418975f44b2dd219f690e8769518076b3d78fe2703cf1a
Size: 896.38 kB
- xorg-x11-server-Xephyr-1.20.11-26.el9.x86_64.rpm
MD5: d6e4be54d3ae91e796afc8de936335e0
SHA-256: 8c7dfc3ea40597f91eb3c476de79bdf42ab1e7b8c90de502e3ea20a35ca25ea9
Size: 1.02 MB
- xorg-x11-server-Xnest-1.20.11-26.el9.x86_64.rpm
MD5: 0c8344ccc7fa01318f53cff1cd57cb8d
SHA-256: d11de61cb32ace6d2aae5a325479b8c5693d2f2b239efea0bf065f2463495420
Size: 719.50 kB
- xorg-x11-server-Xorg-1.20.11-26.el9.x86_64.rpm
MD5: 054dba78fd3103b351759625973453db
SHA-256: e0473c27d512d50d0b210f5c3e82d1a0d88a6364dbf7f877412bf68e23caf8a4
Size: 1.46 MB
- xorg-x11-server-Xvfb-1.20.11-26.el9.x86_64.rpm
MD5: 81db87bb9dc5f5c19d2167dc399387de
SHA-256: e20f75187f67b8543797291e3cc6e0264712ae7cc3f04e8fff254f71304e97e3
Size: 895.02 kB