xorg-x11-server-Xwayland-23.2.7-1.el9
Errata ID: AXSA:2024-9300:04
Release date:
2024/12/12 Thursday - 20:44
Title:
xorg-x11-server-Xwayland-23.2.7-1.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
- The ProcXIGetSelectedEvents() function in X.org contains a heap out-of-bounds read, which allows a local attacker to cause information disclosure and denial of service via operations from a client running on an architecture with a different endianness. (CVE-2024-31080)
- The ProcXIPassiveGrabDevice() function in X.org contains a heap out-of-bounds read, which allows a local attacker to cause information disclosure and denial of service via operations from a client running on an architecture with a different endianness. (CVE-2024-31081)
- The ProcRenderAddGlyphs() function in X.org contains a use-after-free, which allows an authenticated local attacker to execute arbitrary code by sending a crafted request. (CVE-2024-31083)
Solution:
Please update the packages.
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
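Both CVE-2024-31080 and CVE-2024-31081 come from the same pattern: a reply's length field is byte-swapped for a client of the opposite endianness, and the already-swapped value is then used to decide how many bytes to read from the reply buffer. The following C program is an added illustration written for this advisory; it is not X.org code and does not use the real X protocol structures. The `reply_t` layout, the helper names and the 32-byte header size are constructed assumptions chosen to mirror the description above. It shows the size computation done after the swap (the defect) beside the corrected ordering, plus the bounds check a send routine should apply regardless.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a protocol reply header, NOT X.org's real struct:
 * "length" counts 4-byte units that follow the fixed 32-byte header. */
typedef struct {
    uint8_t  type;
    uint8_t  pad;
    uint16_t sequence;
    uint32_t length;      /* host byte order until the header is swapped */
    uint8_t  rest[24];
} reply_t;

#define REPLY_HEADER_BYTES 32u

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Convert the header fields to the client's byte order; a server must do
 * this for a client whose endianness differs from its own. */
static void swap_reply_header(reply_t *rep) {
    rep->sequence = (uint16_t)((rep->sequence >> 8) | (rep->sequence << 8));
    rep->length   = bswap32(rep->length);
}

/* Defective ordering: the byte count is derived from rep->length AFTER the
 * header has been swapped. For a swapped client a length of 1 becomes
 * 0x01000000 units, so a send loop would read far past the reply buffer. */
size_t vulnerable_reply_bytes(reply_t *rep, int client_swapped) {
    if (client_swapped)
        swap_reply_header(rep);
    return REPLY_HEADER_BYTES + (size_t)rep->length * 4u;
}

/* Corrected ordering: capture the host-order length before swapping and use
 * only that value for every size computation. The wire header is still
 * swapped, so the client sees the byte order it expects. */
size_t fixed_reply_bytes(reply_t *rep, int client_swapped) {
    size_t total = REPLY_HEADER_BYTES + (size_t)rep->length * 4u;
    if (client_swapped)
        swap_reply_header(rep);
    return total;
}

/* Bounds-checked send: refuse any byte count that exceeds the buffer we own.
 * Returns 0 on success, -1 if the request would read out of bounds. */
int send_reply(const uint8_t *buf, size_t buf_len, size_t bytes_to_send) {
    (void)buf; /* a real implementation would write() the bytes here */
    if (bytes_to_send > buf_len)
        return -1;
    return 0;
}

int main(void) {
    /* Constructed reply: header plus one 4-byte unit, so the buffer is 36 bytes. */
    uint8_t buf[REPLY_HEADER_BYTES + 4];
    reply_t a = {0}, b = {0};
    a.length = 1;
    b.length = 1;

    size_t bad  = vulnerable_reply_bytes(&a, 1);
    size_t good = fixed_reply_bytes(&b, 1);
    printf("swapped client, size computed after swap : %zu bytes (send=%d)\n",
           bad, send_reply(buf, sizeof buf, bad));
    printf("swapped client, size computed before swap: %zu bytes (send=%d)\n",
           good, send_reply(buf, sizeof buf, good));
    return 0;
}
```

The take-away for review of any byte-swapping reply path is the order of operations: every size used to index or copy from a buffer must come from the host-order value, and the swap must be the last thing that touches the header before it goes on the wire.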
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
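The CVE-2024-31083 description boils down to an ownership problem: two table entries end up pointing at one glyph object that carries no reference count, so freeing the glyph through one entry leaves the other dangling. The C program below is an added, constructed model written for this advisory, not X.org's glyph code; `glyph_t`, `glyphset_t` and the function names are assumptions. To keep the demo well-defined it uses a toy allocator that marks an object freed instead of calling free(), so the dangling access is reported as an error code rather than being undefined behaviour. The same scenario is run once without and once with reference counting.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a glyph store, NOT X.org's real glyph code. The toy
 * "allocator" sets freed = 1 instead of calling free(), so a use after free
 * shows up as a detectable state rather than undefined behaviour. */
typedef struct {
    int      refcnt;
    int      freed;
    uint32_t payload;   /* stands in for the glyph bitmap */
} glyph_t;

#define MAX_ENTRIES 8

typedef struct {
    glyph_t *entries[MAX_ENTRIES];  /* index = glyph id chosen by the client */
} glyphset_t;

glyph_t *glyph_new(uint32_t payload) {
    glyph_t *g = calloc(1, sizeof *g);
    if (g)
        g->payload = payload;
    return g;
}

/* Refcounted release: the object goes away only when the last owner lets go. */
static void glyph_release(glyph_t *g) {
    if (--g->refcnt == 0)
        g->freed = 1;        /* toy allocator: would be free(g) */
}

/* Non-refcounted variant: every entry is assumed to own its glyph outright. */
static void glyph_free_now(glyph_t *g) {
    g->freed = 1;            /* toy allocator: would be free(g) */
}

/* Store glyph g under id. With refcounted == 0 the table records the pointer
 * without tracking how many entries share it. Returns 0 on success. */
int glyphset_add(glyphset_t *set, int id, glyph_t *g, int refcounted) {
    if (id < 0 || id >= MAX_ENTRIES || g == NULL || g->freed)
        return -1;
    if (set->entries[id] != NULL)
        return -1;           /* keep the demo simple: no replacing */
    if (refcounted)
        g->refcnt++;
    set->entries[id] = g;
    return 0;
}

/* Remove the entry for id, releasing (or outright freeing) its glyph. */
int glyphset_drop(glyphset_t *set, int id, int refcounted) {
    if (id < 0 || id >= MAX_ENTRIES || set->entries[id] == NULL)
        return -1;
    glyph_t *g = set->entries[id];
    set->entries[id] = NULL;
    if (refcounted)
        glyph_release(g);
    else
        glyph_free_now(g);
    return 0;
}

/* Read the glyph stored under id. Returns 0 on success, -1 for an empty slot,
 * -2 when the slot still points at a glyph the allocator already freed. */
int glyphset_read(const glyphset_t *set, int id, uint32_t *out) {
    if (id < 0 || id >= MAX_ENTRIES || set->entries[id] == NULL)
        return -1;
    const glyph_t *g = set->entries[id];
    if (g->freed)
        return -2;           /* this is the use-after-free */
    *out = g->payload;
    return 0;
}

/* The advisory's scenario, modelled: one glyph object is stored under two ids
 * (two entries share a pointer), one id is dropped, the other is read.
 * Returns glyphset_read's result: -2 without refcounting, 0 with it. */
int shared_glyph_scenario(int refcounted) {
    glyphset_t set;
    memset(&set, 0, sizeof set);
    glyph_t *g = glyph_new(0xC0FFEEu);   /* constructed sample glyph */
    if (!g)
        return -3;
    glyphset_add(&set, 0, g, refcounted);
    glyphset_add(&set, 1, g, refcounted);
    glyphset_drop(&set, 0, refcounted);
    uint32_t value = 0;
    int rc = glyphset_read(&set, 1, &value);
    free(g);   /* the object is really released only here, after the demo */
    return rc;
}
```

The refcounted path is the fix pattern: a shared object must either be reference counted or be stored in exactly one place, and any code that can insert the same pointer twice (here, a client re-sending a glyph) needs one of the two.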
Additional information:
N/A
Downloads:
SRPMS
- xorg-x11-server-Xwayland-23.2.7-1.el9.src.rpm
MD5: 9e680a3b0e4e3aa2e7fbf7e24192b10f
SHA-256: 44367e4921b3c1fc76219472830217c320450d464848bf767b6834620aafa238
Size: 1.25 MB
Asianux Server 9 for x86_64
- xorg-x11-server-Xwayland-23.2.7-1.el9.i686.rpm
MD5: 04766294f86f2f3b50d937f978c44cbc
SHA-256: ef4f56f9f90640718f4863dda57553c49e568976956fcb1a70be6a51164ef358
Size: 1.01 MB
- xorg-x11-server-Xwayland-23.2.7-1.el9.x86_64.rpm
MD5: 33a6d3e58f73301d5cc06598d7ead5fa
SHA-256: 3e5e35ce144b7f0279e6fa18040c1e33f7d055385919ada558d88370870d634b
Size: 0.96 MB
- xorg-x11-server-Xwayland-devel-23.2.7-1.el9.i686.rpm
MD5: 7fe416707df95f985da17fc3631eed27
SHA-256: 49b102946bb56c545ea3440fd968b0e6aa48dc9620875db51bd8d3dcc3fe9d85
Size: 8.72 kB
- xorg-x11-server-Xwayland-devel-23.2.7-1.el9.x86_64.rpm
MD5: ff3482fd4e4d94cff6a88c2faef7b64e
SHA-256: 5f7bd3752a0fc87238c06c5531b5e4ed2d521c5b4ebbb764c3fa3e71b3aabed9
Size: 8.70 kB