Mageia 7, 8: MGASA-2021-0190 Low Severity X Server Escalation Threat

mageia

April 15, 2021

Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server

Summary

Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server.
These issues can lead to privilege escalation for authorized clients on systems where the X server is running privileged (CVE-2021-3472).

References

- https://bugs.mageia.org/show_bug.cgi?id=28774

- https://lists.freedesktop.org/archives/xorg/2021-April/060678.html

- https://lists.freedesktop.org/archives/xorg/2021-April/060679.html

- https://www.cve.org/CVERecord?id=CVE-2021-3472

Topics Covered

security advisory security update security issue privilege escalation system update low severity X server Mageia mageia x11-server

Resolution

SRPMS

- 7/core/x11-server-1.20.11-1.mga7

- 8/core/x11-server-1.20.11-1.mga8

Severity

low

Lowest

Low

Medium

High

Critical

Publication date: 15 Apr 2021

URL: https://advisories.mageia.org/MGASA-2021-0190.html

Type: security

CVE: CVE-2021-3472

Topics Covered

security advisory security update security issue privilege escalation system update low severity X server Mageia mageia x11-server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks