Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 36 Xorg-x11-server Security Update: Urgent Patch for Various Risks

fedora
Calendar Grey December 26, 2022
Dist Fedora Esm H88
Important patch for xorg-x11-server on Fedora 36 tackling several CVEs while enhancing overall system safety.
X.Org X11 X server

Summary

X.Org X11 X server

Fix buggy patch to CVE-2022-46340 ---- CVE fix for: CVE-2022-4283,

CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344

* Mon Dec 19 2022 Peter Hutterer - 1.20.14-12

- Fix buggy patch to CVE-2022-46340

* Wed Dec 14 2022 Peter Hutterer 1.20.14-11

- CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341,

CVE-2022-46342, CVE-2022-46343, CVE-2022-46344

* Wed Nov 23 2022 Peter Hutterer - 1.20.14-10

- Drop dependency on xorg-x11-font-utils, it was only there for on

build-time variable that's always the same value anyway (#2145088)

[ 1 ] Bug #2153115 - CVE-2022-46340 xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153115

[ 2 ] Bug #2153121 - CVE-2022-46342 xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153121

[ 3 ] Bug #2153122 - CVE-2022-46343 xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153122

[ 4 ] Bug #2153127 - CVE-2022-4283 xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153127

[ 5 ] Bug #2153131 - CVE-2022-46341 xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153131

[ 6 ] Bug #2153137 - CVE-2022-46344 xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2153137

su -c 'dnf upgrade --advisory FEDORA-2022-dd3eb7e0a8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory Fedora critical fix system update security threat xorg server

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 1.20.14
Release: 12.fc36
URL: https://www.x.org/wiki/
Summary: X.Org X11 X server

Topics%20covered

Topics Covered

security advisory Fedora critical fix system update security threat xorg server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here