Updated x11-server, x11-server-xwayland and tigervnc fix security issues
Publication date: 04 Feb 2024
Modification date: 04 Feb 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409
Description
The updated packages fix security vulnerabilities:
- Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. (CVE-2023-6816)
- Reattaching to different master device may lead to out-of-bounds memory access. (CVE-2024-0229)
- Heap buffer overflow in XISendDeviceHierarchyEvent. (CVE-2024-21885)
- Heap buffer overflow in DisableDevice. (CVE-2024-21886)
- SELinux unlabeled GLX PBuffer. (CVE-2024-0408)
- SELinux context corruption. (CVE-2024-0409)
References
- https://bugs.mageia.org/show_bug.cgi?id=32747
- https://www.openwall.com/lists/oss-security/2024/01/18/1
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.374309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21885
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0408
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0409
SRPMS
9/core
- x11-server-21.1.8-7.3.mga9
- x11-server-xwayland-22.1.9-1.3.mga9
- tigervnc-1.13.1-2.3.mga9