xorg-x11-server-Xwayland-21.1.3-20.el8_10
エラータID: AXSA:2026-541:01
リリース日:
2026/05/04 Monday - 19:00
題名:
xorg-x11-server-Xwayland-21.1.3-20.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、整数アンダーフローの問題があるため、ローカルの
攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-33999)
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2026-34001)
- X.org には、メモリ領域の範囲外読み取りの問題があるため、
ローカルの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-34003)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
追加情報:
N/A
ダウンロード:
SRPMS
- xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm
MD5: 1b9487d9ade81e810c3086bdfc64ea7f
SHA-256: 68fcd731d15b2bc77a0c65bc352b28bf65a8da2f15907012fdd36ed6b3bbf23d
Size: 1.27 MB
Asianux Server 8 for x86_64
- xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm
MD5: 195474288017a6eb6449058e29b7cc95
SHA-256: b71fbf4b77382a1086cbb2db0b0eb93a372bd806a6e042e248d70ae6d85334c3
Size: 967.70 kB
English