Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in X.Org X server und XWayland
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in X.Org X server und XWayland
ID: 202305-30
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Di, 30. Mai 2023, 07:09
Referenzen: https://nvd.nist.gov/vuln/detail/CVE-2021-4008
https://nvd.nist.gov/vuln/detail/CVE-2022-46283
https://nvd.nist.gov/vuln/detail/CVE-2023-0494
https://nvd.nist.gov/vuln/detail/CVE-2022-3553
https://nvd.nist.gov/vuln/detail/CVE-2022-4283
https://nvd.nist.gov/vuln/detail/CVE-2022-46340
https://nvd.nist.gov/vuln/detail/CVE-2021-4009
https://nvd.nist.gov/vuln/detail/CVE-2022-46344
https://nvd.nist.gov/vuln/detail/CVE-2023-1393
https://nvd.nist.gov/vuln/detail/CVE-2022-3551
https://nvd.nist.gov/vuln/detail/CVE-2022-46342
https://nvd.nist.gov/vuln/detail/CVE-2022-3550
https://nvd.nist.gov/vuln/detail/CVE-2021-4011
https://nvd.nist.gov/vuln/detail/CVE-2022-46341
https://nvd.nist.gov/vuln/detail/CVE-2022-46343
https://nvd.nist.gov/vuln/detail/CVE-2021-4010
Applikationen: XWayland, X11

Originalnachricht

--===============6827191331652211689==
Content-Type: text/plain; charset="utf-8"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: X.Org X server, XWayland: Multiple Vulnerabilities
Date: May 30, 2023
Bugs: #829208, #877459, #885825, #893438, #903547
ID: 202305-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in the Xorg Server and
XWayland, the worst of which can result in privilege escalation or
remote code execution.

Background
==========

The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
=================

Package Vulnerable Unaffected
-------------------- ------------ ------------
x11-base/xorg-server < 21.1.8 >= 21.1.8
x11-base/xwayland < 23.1.1 >= 23.1.1

Description
===========

Multiple vulnerabilities have been discovered in X.Org X server,
XWayland. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"

All XWayland users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"

References
==========

[ 1 ] CVE-2021-4008
https://nvd.nist.gov/vuln/detail/CVE-2021-4008
[ 2 ] CVE-2021-4009
https://nvd.nist.gov/vuln/detail/CVE-2021-4009
[ 3 ] CVE-2021-4010
https://nvd.nist.gov/vuln/detail/CVE-2021-4010
[ 4 ] CVE-2021-4011
https://nvd.nist.gov/vuln/detail/CVE-2021-4011
[ 5 ] CVE-2022-3550
https://nvd.nist.gov/vuln/detail/CVE-2022-3550
[ 6 ] CVE-2022-3551
https://nvd.nist.gov/vuln/detail/CVE-2022-3551
[ 7 ] CVE-2022-3553
https://nvd.nist.gov/vuln/detail/CVE-2022-3553
[ 8 ] CVE-2022-4283
https://nvd.nist.gov/vuln/detail/CVE-2022-4283
[ 9 ] CVE-2022-46283
https://nvd.nist.gov/vuln/detail/CVE-2022-46283
[ 10 ] CVE-2022-46340
https://nvd.nist.gov/vuln/detail/CVE-2022-46340
[ 11 ] CVE-2022-46341
https://nvd.nist.gov/vuln/detail/CVE-2022-46341
[ 12 ] CVE-2022-46342
https://nvd.nist.gov/vuln/detail/CVE-2022-46342
[ 13 ] CVE-2022-46343
https://nvd.nist.gov/vuln/detail/CVE-2022-46343
[ 14 ] CVE-2022-46344
https://nvd.nist.gov/vuln/detail/CVE-2022-46344
[ 15 ] CVE-2023-0494
https://nvd.nist.gov/vuln/detail/CVE-2023-0494
[ 16 ] CVE-2023-1393
https://nvd.nist.gov/vuln/detail/CVE-2023-1393
[ 17 ] ZDI-CAN-19596

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-30

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============6827191331652211689==
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmR1ZX8ACgkQFMQkOaVy
+9kh4Q//Sf2mdd2INp1pdmE5nN1AbShoR0/T7OnrhjBeMy5p2ln0yHhLp6jdF25U
62UaVu7UWH/E3xiREap7+bXZSbjOan3eVnUwJu0IPGyu3pY6/hRSXW8zy+OAbusq
gkzohzZj1tbuoPbFZ+jRQt9xbZhS0SaAljWhwGl87yG/9fDqhR9vaWAyvA9eIMpQ
UL0t9oxx+svmZvShiuDKmqkPaP8Ppj7u3EHe/Pj+lfX3SAJutoByTtzkPrLqD8et
Nq6kZtMeoIQk0MYqv1fgz1xZ1c+4D5TvxQTIp8XWcEJpi8UBexjt2Ff6fkDcqTrJ
p7EMp/VbaVxdJo8Ods0n5H4AYnkOEw91RHSmKN/CSdyvADcbKpatNExCxOqjzaIM
Gr4ENfGyjZW8NWPmc5T007w1Rb5TwAYa0BooBXxNNyIbNV5V2eOQAf3buFBSwEN7
YGoRG2a0LKt0rGgldW4b9RZepPcyPaQCATQnXK3Xhd6dJGqdiv9xtPfsNgsEyEp0
Lcs3s63Q+DR93oic+CTaXVnu2F0DW/WKpBP9X69+2e+MnEwsdVYgwO3RoBCkV17W
YlRIS8gp2TVBcnjX8bw22f1nTbHnt8KJnUor7NHxQFWRZ5MCbm6hNGma/NVsglSp
o9+LWvhUC8drarZUJluRqX5lHrI06PDoabQsZxXpJ+zmW+drl0Y=
=SyCd
-----END PGP SIGNATURE-----

--===============6827191331652211689==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung