Advisories » MGASA-2023-0307

Updated x11-server packages fix security vulnerabilities

Publication date: 06 Nov 2023
Modification date: 06 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-5367 , CVE-2023-5380 , CVE-2023-5574

Description

The updated packages fix security vulnerabilities:

OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
(CVE-2023-5367)

Use-after-free bug in DestroyWindow. (CVE-2023-5380)

Use-after-free bug in DamageDestroy. (CVE-2023-5574)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32453
• https://www.openwall.com/lists/oss-security/2023/10/25/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5367
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5380
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5574

SRPMS

8/core

• x11-server-1.20.14-4.4.mga8

9/core

• x11-server-21.1.8-7.1.mga9
• x11-server-xwayland-22.1.9-1.1.mga9