Mageia 2022-0256: x11-server security update | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 237

MGASA-2022-0256 - Updated x11-server packages fix security vulnerabilities

Publication date: 13 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0256.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2319,
     CVE-2022-2320

Updated x11-server packages fix security vulnerabilities:

ProcXkbSetGeometry Out-Of-Bounds Access.
The handler for the ProcXkbSetGeometry request of the Xkb extension does
not properly validate the request length leading to out of bounds memory
write (CVE-2022-2319).

ProcXkbSetDeviceInfo Out-Of-Bounds Access.
The handler for the ProcXkbSetDeviceInfo request of the Xkb extension
does not properly validate the request length leading to out of bounds
memory write (CVE-2022-2320).

References:
- https://bugs.mageia.org/show_bug.cgi?id=30628
- https://lists.x.org/archives/xorg/2022-July/061035.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320

SRPMS:
- 8/core/x11-server-1.20.14-3.mga8

Mageia 2022-0256: x11-server security update

Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access

Summary

Updated x11-server packages fix security vulnerabilities:
ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory write (CVE-2022-2319).
ProcXkbSetDeviceInfo Out-Of-Bounds Access. The handler for the ProcXkbSetDeviceInfo request of the Xkb extension does not properly validate the request length leading to out of bounds memory write (CVE-2022-2320).

References

- https://bugs.mageia.org/show_bug.cgi?id=30628

- https://lists.x.org/archives/xorg/2022-July/061035.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320

Resolution

MGASA-2022-0256 - Updated x11-server packages fix security vulnerabilities

SRPMS

- 8/core/x11-server-1.20.14-3.mga8

Severity
Publication date: 13 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0256.html
Type: security
CVE: CVE-2022-2319, CVE-2022-2320

News

Advisories

HOWTOs

Features

Open Source OSINT Tools and Techniques
The Story Behind the Linux Security Quick Reference Guide
Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy