author | AlanCoopersmith <AlanCoopersmith@web> | 2024-04-12 19:47:18 +0200 |
---|---|---|
committer | IkiWiki <ikiwiki.info> | 2024-04-12 19:47:18 +0200 |
commit | 63a7e05edc0394b8594fb45169d1ec77071665c4 (patch) | |
tree | a45efdd074648d3c167f0022b2cfe0273e495cf3 | |
parent | 31c43cc6b6b917880faa7935f8ace65fc008ce63 (diff) |
Add April 2024 X server advisory
-rw-r--r-- | Development/Security.mdwn | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Development/Security.mdwn b/Development/Security.mdwn index c441a5c9..fd930b35 100644 --- a/Development/Security.mdwn +++ b/Development/Security.mdwn @@ -10,6 +10,16 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th ## X.Org 7.7 +* April 3, 2024 Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 + * CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents + * CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice + * CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap + * CVE-2024-31083: User-after-free in ProcRenderAddGlyphs + * Fixed in [[xwayland 23.2.5|https://lists.x.org/archives/xorg-announce/2024-April/003498.html]] + * Fixed in [[xorg-server 21.1.12|https://lists.x.org/archives/xorg-announce/2024-April/003499.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003497.html]] for more information + * Note that the fix for CVE-2024-31083 introduced a regression, which was fixed in [[xwayland 23.2.6|https://lists.x.org/archives/xorg-announce/2024-April/003503.html]] and [[xorg-server 21.1.13|https://lists.x.org/archives/xorg-announce/2024-April/003504.html]], see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003505.html]] for more information + * January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access |
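Review bot: the added CVE-2024-31083 bullet reads "User-after-free in ProcRenderAddGlyphs", which should be "Use-after-free". Separately, the two "Fixed in" bullets point readers at xwayland 23.2.5 and xorg-server 21.1.12, while the last added bullet says the CVE-2024-31083 fix in those releases introduced a regression that was fixed in xwayland 23.2.6 and xorg-server 21.1.13. Consider moving the regression note directly under the "Fixed in" bullets, or naming the later releases there, so a reader who stops at "Fixed in" does not settle on the versions with the regression.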