
Mageia 8: 2021-0573 Critical Advisory: X11-Server Memory Issues

mageia
December 21, 2021
The newest x11-server updates address critical security flaws that allow for privilege escalation and the potential for remote code execution.

Summary

Updated x11-server packages fix security vulnerabilities:
The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4008).
The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4009).
The handler for the Suspend request of the Screen Saver extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4010).
The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4011).
All of these issues can lead to local privilege elevation on systems where the X server runs privileged, and to remote code execution in SSH X forwarding sessions.

References

- https://bugs.mageia.org/show_bug.cgi?id=29767

- https://lists.x.org/archives/xorg-announce/2021-December/003124.html

- https://www.cve.org/CVERecord?id=CVE-2021-4008

- https://www.cve.org/CVERecord?id=CVE-2021-4009

- https://www.cve.org/CVERecord?id=CVE-2021-4010

- https://www.cve.org/CVERecord?id=CVE-2021-4011

Resolution

SRPMS

- 8/core/x11-server-1.20.14-1.mga8
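An added check, not part of the Mageia advisory: it compares the installed x11-server version-release string against the fixed build listed above. It assumes an RPM-based host where `rpm -q` is available, and uses GNU `sort -V` as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example, not from the advisory: is the installed x11-server at or
# above the fixed build named in MGASA-2021-0573?
FIXED_VERSION="1.20.14-1.mga8"   # taken from the advisory's SRPMS list

# Return true when version-release $1 sorts at or after $2 (GNU sort -V).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print "fixed" or "vulnerable" for an installed version-release string.
classify() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Query the installed package; only meaningful on a Mageia/RPM host.
installed_x11_server() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' x11-server 2>/dev/null
}

# Report the state of this host (silently skips hosts without the package).
report() {
    v=$(installed_x11_server) || { echo "x11-server is not installed"; return 0; }
    echo "x11-server $v: $(classify "$v")"
}

report
```

`sort -V` agrees with RPM ordering for the plain numeric version-release strings used here, but `rpmdev-vercmp` remains the authoritative comparison for unusual tags.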

Severity
critical

Publication date: 21 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0573.html
Type: security
CVE: CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011
