xorg-x11-server-Xwayland-24.1.9-4.el9_8
エラータID: AXSA:2026-1215:05
リリース日:
2026/07/08 Wednesday - 14:19
題名:
xorg-x11-server-Xwayland-24.1.9-4.el9_8
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、整数アンダーフローの問題があるため、ローカルの
攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-33999)
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-34001)
- X.org には、メモリ領域の範囲外読み取りの問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-34003)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
追加情報:
N/A
ダウンロード:
SRPMS
- xorg-x11-server-Xwayland-24.1.9-4.el9_8.src.rpm
MD5: bf88babf026cf6991aa426388d1e195a
SHA-256: 49624831b3cd7174a84689097db2fd3031efb17af1941d0542705eb5b332ca20
Size: 1.27 MB
Asianux Server 9 for x86_64
- xorg-x11-server-Xwayland-24.1.9-4.el9_8.i686.rpm
MD5: 641c8301165b00c8fd2d17a472824e6d
SHA-256: a347ec90af09ff5a47fe4399333c8c38138e6527f780eabc44a80c133ebac9ec
Size: 1.02 MB - xorg-x11-server-Xwayland-24.1.9-4.el9_8.x86_64.rpm
MD5: 2947db5957a3e2af6e4ce8195f72dfe5
SHA-256: 2b4dfcfe900521698a0775cc8b47019d60d09fc38aabcbca74da6ac0367c3e11
Size: 0.98 MB - xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.i686.rpm
MD5: 24fb8397776f6a3f02cbaa68f4e629dc
SHA-256: a88dde1159c2798ee81d2381f077093510e596513e561dca37b865b7548dff6b
Size: 8.98 kB - xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.x86_64.rpm
MD5: 1eb8ddc57a68cbb65e6b197535842feb
SHA-256: 8b6847498bce06a4c55a66842ae3437880f82e07658984dda360b68352fa7bec
Size: 8.96 kB