
Several vulnerabilities have been found in the widely used Xorg X server, the most severe being an out-of-bounds write flaw due to an incorrect calculation of a buffer offset (CVE-2023-5367). Due to how easy this vulnerability is to exploit and its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 7.8 out of 10 (“High” severity).

How Does This Vulnerability Affect My Linux Systems?

This severe vulnerability could lead to privilege escalation and denial of service (DoS) attacks, resulting in loss of system access and allowing an attacker to see additional infrastructure to attack, add or delete users, or modify permissions of files or other users.

What Can I Do To Stay Safe?

An essential Xorg security update has been released to mitigate this dangerous vulnerability. Given the severe threat this vulnerability poses to impacted systems if left unpatched, we strongly recommend that all affected users apply the updates released by Debian, Debian LTS, Fedora, Oracle, SciLinux, Slackware, and Ubuntu as soon as possible to prevent attacks potentially resulting in downtime and system compromise.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).