Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 37: 2022-c3a65f7c65 Critical: Xorg-X11-Server DoS Threat

fedora
Calendar Grey December 16, 2022
Dist Fedora Esm H88
Essential Fedora 37 patch for xorg-x11-server addresses several use-after-free and out-of-bounds vulnerabilities.
CVE fixes for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344

Summary

X.Org X11 X server

CVE fixes for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342,

CVE-2022-46343, CVE-2022-46344

* Wed Dec 14 2022 Peter Hutterer 1.20.14-11

- CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341,

CVE-2022-46342, CVE-2022-46343, CVE-2022-46344

* Wed Nov 23 2022 Peter Hutterer - 1.20.14-10

- Drop dependency on xorg-x11-font-utils, it was only there for on

build-time variable that's always the same value anyway (#2145088)

[ 1 ] Bug #2153116 - CVE-2022-46340 xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153116

[ 2 ] Bug #2153123 - CVE-2022-46342 xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153123

[ 3 ] Bug #2153124 - CVE-2022-46343 xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153124

[ 4 ] Bug #2153128 - CVE-2022-4283 xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153128

[ 5 ] Bug #2153132 - CVE-2022-46341 xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153132

[ 6 ] Bug #2153138 - CVE-2022-46344 xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2153138

su -c 'dnf upgrade --advisory FEDORA-2022-c3a65f7c65' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory critical Fedora DoS xorg-x11-server use-after-free

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 1.20.14
Release: 11.fc37
URL: https://www.x.org/wiki/
Summary: X.Org X11 X server

Topics%20covered

Topics Covered

security advisory critical Fedora DoS xorg-x11-server use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here