X.Org Server 21.1.11 update with 6 vulnerabilities fixed

Bug-fix releases of X.Org Server 21.1.11 and of xwayland 23.2.4, the DDX (Device-Dependent X) component that runs an X.Org Server inside Wayland-based environments so that X11 applications can execute there, have been published. The new versions fix 6 vulnerabilities, some of which can be exploited for privilege escalation on systems where the X server runs as root, and for remote code execution in configurations where X11 sessions are forwarded over SSH.

Issues identified:

  • CVE-2023-6816 - Buffer overflow when an out-of-range array index is passed to the DeviceFocusEvent and ProcXIQueryPointer operations. The X server allocates the array according to the device's actual number of buttons, while the request allows index values up to 255. The problem has been present since xorg-server-1.13.0 (2012).
  • CVE-2024-0229 - Out-of-bounds buffer write when a device is rebound to another master device in a configuration where the device has input elements of both the "button" and "key" classes and its number of buttons (the numButtons parameter) is 0. The problem has been present since xorg-server-1.1.1 (2006).
  • CVE-2024-21885 - Buffer overflow in the XISendDeviceHierarchyEvent function when a device with a given ID is removed and a device with the same ID is added in the same request. When both operations target the same identifier, two instances of the xXIHierarchyInfo structure are written, while XISendDeviceHierarchyEvent allocated memory for only one. The problem has been present since xorg-server-1.10.0 (2010).
  • CVE-2024-21886 - Buffer overflow in the DisableDevice function when a master device is disabled while its slave devices are already disabled. The vulnerability is caused by an incorrect calculation of the size of the structure that stores the device list. The problem has been present since xorg-server-1.13.0 (2012).
  • CVE-2024-0409, CVE-2024-0408 - Corruption of the SELinux context when xserver_object_manager is enabled and a client is run or a GLX PBuffer is created.
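The CVE-2023-6816 entry above describes a classic mismatch between an allocation sized from real device state and an index taken from the wire. The following simplified model is an added illustration, not X.Org Server code: the type and function names (`ButtonState`, `press_button_unchecked`, `press_button_checked`, `count_rejected`) are hypothetical, and the only assumption carried over from the text is that the array holds `num_buttons` entries while the request field can be as large as 255.

```c
#include <stdlib.h>

/* Added illustration, not xserver code: a simplified model of the
 * CVE-2023-6816 bug class.  The per-device button array is allocated to
 * the device's real button count, but the request's button field is an
 * 8-bit value that a client can set to anything up to 255. */
typedef struct {
    int num_buttons;            /* buttons the device really has */
    unsigned char *button_down; /* exactly num_buttons entries */
} ButtonState;

ButtonState *button_state_new(int num_buttons) {
    ButtonState *st = calloc(1, sizeof *st);
    if (!st) return NULL;
    st->num_buttons = num_buttons;
    st->button_down = calloc((size_t)num_buttons, 1);
    return st;
}

void button_state_free(ButtonState *st) {
    if (!st) return;
    free(st->button_down);
    free(st);
}

/* Vulnerable pattern: the request index is trusted.  Any index >=
 * num_buttons writes past the end of the heap allocation. */
int press_button_unchecked(ButtonState *st, unsigned char button) {
    st->button_down[button] = 1;
    return button;
}

/* Hardened pattern: validate the client-supplied index against the size
 * the array was actually allocated with and reject the request otherwise. */
int press_button_checked(ButtonState *st, unsigned char button) {
    if ((int)button >= st->num_buttons)
        return -1;              /* invalid request, nothing written */
    st->button_down[button] = 1;
    return button;
}

/* Feed a constructed batch of request indices through the checked handler
 * and return how many of them were rejected. */
int count_rejected(ButtonState *st, const unsigned char *reqs, int n) {
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (press_button_checked(st, reqs[i]) < 0)
            rejected++;
    return rejected;
}
```

With a five-button device, indices 0 to 4 are accepted and everything from 5 up to 255 is refused before any write happens; the unchecked variant exists only to show the shape of the defect and must never be called with an out-of-range index.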

Source: opennet.ru
