xorg-x11-server-1.20.4-99.0.8.el7.AXS7
Errata ID: AXSA:2025-11567:11
Release date:
2025/12/22 Monday - 18:55
Title:
xorg-x11-server-1.20.4-99.0.8.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
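The following issues have been addressed.
[Security Fix]
- X.Org has a buffer overflow issue caused by flawed tracking of the
allocated size in the _XkbSetCompatMap() function. This vulnerability
allows a local attacker to escalate privileges and cause a denial of
service through the processing of a specially crafted payload.
(CVE-2024-9632)
- X.org has a use-after-free issue. This vulnerability allows a
local attacker to execute arbitrary code and cause a denial of
service (crash).
(CVE-2025-62229)
- The Xkb extension of X.org has a use-after-free issue. This
vulnerability allows a local attacker to corrupt memory and cause a
denial of service (crash).
(CVE-2025-62230)
- The Xkb extension of X.org has an integer overflow issue. This
vulnerability allows a local attacker to corrupt memory and cause a
denial of service (crash).
(CVE-2025-62231)
Solution:
Update the packages.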
CVE:
CVE-2024-9632
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
CVE-2025-62230
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
CVE-2025-62231
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- xorg-x11-server-common-1.20.4-99.0.8.el7.AXS7.x86_64.rpm
MD5: 854ab3903be14b6b356d9ba5829f4ea5
SHA-256: 1849b75924788129a330a35387437fdf8ee99ceaa18586f31d4d5bc5b22a1415
Size: 59.41 kB
- xorg-x11-server-Xephyr-1.20.4-99.0.8.el7.AXS7.x86_64.rpm
MD5: eaefa6de0cc891f9eba839bc71ef98de
SHA-256: 7b76c754e939ee05b89699c3bf38ff4e30658c2a4271cbbdd884cc426ba183ec
Size: 0.98 MB
- xorg-x11-server-Xorg-1.20.4-99.0.8.el7.AXS7.x86_64.rpm
MD5: 5671ee87a18ce70e2c23f7a485d6eff0
SHA-256: d499bec4b5e63c411739b43e1083b43fc9904f6a91682c1fb3f3a3d5828d7a14
Size: 1.46 MB
- xorg-x11-server-Xwayland-1.20.4-99.0.8.el7.AXS7.x86_64.rpm
MD5: 867128a23a4f36ed446b1fa6f6a3832c
SHA-256: ed1c93a64ad367f51d421acbc06bee690bc7d2d7385bbdcce297924f550549c9
Size: 955.24 kB