Explore top 10 tips to secure your open-source projects now. Read More
×
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5872-1
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8798 http://linux.oracle.com/errata/ELSA-2024-8798.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: xorg-x11-server-Xdmx-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-Xnest-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-Xorg-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-Xwayland-21.1.3-17.el8_10.x86_64.rpm xorg-x11-server-common-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-devel-1.20.11-25.el8_10.i686.rpm xorg-x11-server-devel-1.20.11-25.el8_10.x86_64.rpm xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm aarch64: xorg-x11-server-Xdmx-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-Xnest-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-Xorg-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-Xwayland-21.1.3-17.el8_10.aarch64.rpm xorg-x11-server-common-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-devel-1.20.11-25.el8_10.aarch64.rpm xorg-x11-server-source-1.20.11-25.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//xorg-x11-server-1.20.11-25.el8_10.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//xorg-x11-server-Xwayland-21.1.3-17.el8_10.src.rpm Related CVEs: CVE-2024-9632 Description of changes: xorg-x11-server [1.20.11-25] - CVE fix for CVE-2024-9632 xorg-x11-server-Xwayland [21.1.3-17] - Fix for CVE-2024-9632 - (RHEL-61995) _______________________________________________ El-errata mailing list
CVE fix for: CVE-2023-6377, CVE-2023-6478. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-ec02e360af 2024-01-11 02:15:43.703651 -------------------------------------------------------------------------------- Name : xorg-x11-server Product : Fedora 38 Version : 1.20.14 Release : 28.fc38 URL : https://www.x.org/wiki/ Summary : X.Org X11 X server Description : X.Org X11 X server -------------------------------------------------------------------------------- Update Information: CVE fix for: CVE-2023-6377, CVE-2023-6478 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 13 2023 Peter Hutterer - 1.20.14-28 - CVE fix for: CVE-2023-6377, CVE-2023-6478 * Fri Nov 10 2023 Peter Hutterer - 1.20.14-27 - Update with full SPDX license list -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ec02e360af' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Several security issues were fixed in X.Org X Server.. ========================================================================== Ubuntu Security Notice USN-6555-2 December 13, 2023 xorg-server vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in X.Org X Server. Software Description: - xorg-server: X.Org X11 server Details: USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-6377) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm3 xwayland 2:1.19.6-1ubuntu4.15+esm3 Ubuntu 16.04 LTS (Available with Ubuntu Pro): xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm8 xwayland 2:1.18.4-0ubuntu0.12+esm8 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6555-2 https://ubuntu.com/security/notices/USN-6555-1 CVE-2023-6377, CVE-2023-6478 . The X.Org X Server team has implemented a significant update for Ubuntu 16.04 and18.04 LTS, fixing critical vulnerabilities.. X.Org Issues, Ubuntu Pro Update, X Server Security Fix. . Severity: Critical. LinuxSecurity.com Team
Fix for CVE-2023-1393. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-7d7c74b868 2023-03-30 01:18:52.401433 --------------------------------------------------------------------------------Name : xorg-x11-server Product : Fedora 37 Version : 1.20.14 Release : 21.fc37 URL : https://www.x.org/wiki/ Summary : X.Org X11 X server Description : X.Org X11 X server --------------------------------------------------------------------------------Update Information: Fix for CVE-2023-1393 --------------------------------------------------------------------------------ChangeLog: * Wed Mar 29 2023 Olivier Fourdan - 1.20.14-21 - CVE fix for: CVE-2023-1393 * Thu Feb 23 2023 Olivier Fourdan - 1.20.14-20 - Fix xvfb-run script with --listen-tcp * Thu Feb 9 2023 Iker Pedrosa - 1.20.14-19 - Remove pam_console from service file (#1822209) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7d7c74b868' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Several security issues were fixed in X.Org X Server.. =========================================================================Ubuntu Security Notice USN-5193-2 January 26, 2022 xorg-server vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in X.Org X Server. Software Description: - xorg-server: X.Org X11 server Details: USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm1 Ubuntu 14.04 ESM: xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5193-2 https://ubuntu.com/security/notices/USN-5193-1 CVE-2021-4008, CVE-2021-4009, CVE-2021-4011 . Information regarding X.Org X Server security flaws resolved in Ubuntu as of January 26, 2022. Guidance for updating packages provided.. Ubuntu Security,X.Org X Server,Denial of Service Fixes,Server Updates. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-0003 https://linux.oracle.com/errata/ELSA-2022-0003.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xephyr-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-common-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.i686.rpm xorg-x11-server-devel-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-source-1.20.4-17.el7_9.noarch.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates/xorg-x11-server-1.20.4-17.el7_9.src.rpm Related CVEs: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 Description of changes: [1.20.4-17] - CVE fix for: CVE-2021-4008 (#2030161), CVE-2021-4009 (#2030171), CVE-2021-4010 (#2030176), CVE-2021-4011 (#2030180) _______________________________________________ El-errata mailing list
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xorg-x11-server security update Advisory ID: RHSA-2022:0003-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0003 Issue date: 2022-01-03 CVE Names: CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 ==================================================================== 1. Summary: An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access (CVE-2021-4008) * xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access (CVE-2021-4009) *xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access (CVE-2021-4010) * xorg-x11-server: SwapCreateRegister out-of-bounds access (CVE-2021-4011) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2026059 - CVE-2021-4008 xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access 2026072 - CVE-2021-4009 xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access 2026073 - CVE-2021-4010 xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access 2026074 - CVE-2021-4011 xorg-x11-server: SwapCreateRegister out-of-bounds access 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: xorg-x11-server-1.20.4-17.el7_9.src.rpm x86_64: xorg-x11-server-Xephyr-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-common-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: xorg-x11-server-source-1.20.4-17.el7_9.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.i686.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.i686.rpm xorg-x11-server-devel-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): Source: xorg-x11-server-1.20.4-17.el7_9.src.rpm noarch: xorg-x11-server-source-1.20.4-17.el7_9.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xephyr-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-common-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.i686.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.i686.rpm xorg-x11-server-devel-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: xorg-x11-server-1.20.4-17.el7_9.src.rpm ppc64: xorg-x11-server-Xephyr-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-common-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.ppc64.rpm ppc64le: xorg-x11-server-Xephyr-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-common-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.ppc64le.rpm s390x: xorg-x11-server-Xephyr-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-common-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.s390x.rpm x86_64: xorg-x11-server-Xephyr-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-common-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): noarch: xorg-x11-server-source-1.20.4-17.el7_9.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.ppc.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.ppc64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.ppc.rpm xorg-x11-server-devel-1.20.4-17.el7_9.ppc64.rpm ppc64le: xorg-x11-server-Xdmx-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.ppc64le.rpm xorg-x11-server-devel-1.20.4-17.el7_9.ppc64le.rpm s390x: xorg-x11-server-Xdmx-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.s390x.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.i686.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.i686.rpm xorg-x11-server-devel-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: xorg-x11-server-1.20.4-17.el7_9.src.rpm x86_64: xorg-x11-server-Xephyr-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xorg-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-common-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): noarch: xorg-x11-server-source-1.20.4-17.el7_9.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xnest-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xvfb-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-Xwayland-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.i686.rpm xorg-x11-server-debuginfo-1.20.4-17.el7_9.x86_64.rpm xorg-x11-server-devel-1.20.4-17.el7_9.i686.rpm xorg-x11-server-devel-1.20.4-17.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-4008 https://access.redhat.com/security/cve/CVE-2021-4009 https://access.redhat.com/security/cve/CVE-2021-4010 https://access.redhat.com/security/cve/CVE-2021-4011 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYdMM3tzjgjWX9erEAQiPnhAAmAJRYEtItxYAp3I9hJxtwHsALv2Se13a vAsyLOM19nb9J2nZ+fZC+SMczbiWwZShAuH3W7Ni/pwLjGEOLEckDGxsuJoTfr0K hfuK2LsYJRKl1/ScdDFyNYIzg3W24YpM/16MU3WVrerumn5v0TJAh1F+H2jdUw8b IyWI/LrS7Ft+Xwl3e6hlJH46tlbUz/J2MtgbGjdbtcQSiAEwD/UnPUqe1C/lEXTa RPkfhZpEmcruHjIaez6Dc8zAvDWtRxQlAkQoEAcbr+Gu9engiB3R8pJP/4CKuIJF dRsBNtRZMv53xIt9QZfiVBMrmUq8ui2Vr1xdmIFO1joL+lrc+yJvLy5KQ+e5Y1Ou W9ssEDXBVLmJnBOgAMShDFxgl1s+/S59hnSCITtnEeUKtcnY9+uLrCttj28Z6Hun n4oDhLX6y3s7Cu7YD2DqHPQDaE/N90sCsvxSaNJPEjCrpufUzzZox/lZTfYD2e/f gUrDLGRMvrfH/cXLujGCw2ZX5e5gIw1jUQihygaAXOi583HS/7M9OnHeUA/D0wBX g6N0pbxC26MSLMlkfeRr9DcqMk1oJLJ3/6hm7tB3opb1kEd1lE9WWKVlgVaq2Zbz lAMRfVpPPTEWdqFSDpUdI6MoOUBe3OIyLGSicS5vuQf/xY0oQvtbLKxg5D6HZ5d6 icer5sweJY8=ylmn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.