diff options
author | José Expósito <jose.exposito89@gmail.com> | 2024-01-18 10:25:45 +0100 |
---|---|---|
committer | José Expósito <jose.exposito89@gmail.com> | 2024-01-18 10:25:45 +0100 |
commit | bbe095c8a28f69e061f339fe68dbaf96fd11498a (patch) | |
tree | 58a886a56b8d11d4b9455241d03c84646df980d8 | |
parent | 1a96ce4dd4c3a6baf54202ba80ebafd99e292df2 (diff) |
Add Jan 16 2024 X.Org X server and Xwayland advisory
-rw-r--r-- | Development/Security.mdwn | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Development/Security.mdwn b/Development/Security.mdwn index 8488b854..c441a5c9 100644 --- a/Development/Security.mdwn +++ b/Development/Security.mdwn @@ -10,6 +10,17 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th ## X.Org 7.7 +* January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4 + * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer + * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access + * CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent + * CVE-2024-21886: Heap buffer overflow in DisableDevice + * CVE-2024-0409: SELinux context corruption + * CVE-2024-0408: SELinux unlabeled GLX PBuffer + * Fixed in [[xwayland 23.2.4|https://lists.x.org/archives/xorg-announce/2024-January/003443.html]] + * Fixed in [[xorg-server 21.1.11|https://lists.x.org/archives/xorg-announce/2024-January/003442.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-January/003444.html]] for more information + * October 2, 2023 Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17 * CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() |