Lucene search

K
centosCentOS ProjectCESA-2023:0046
HistoryJan 30, 2023 - 4:41 p.m.

xorg security update

2023-01-3016:41:38
CentOS Project
lists.centos.org
65
xorg
security fix
x window system
cve-2022-4283
stack overflow
out-of-bounds access
low-level functionality
centos errata
merged security bulletin
affected packages
xorg-x11-server

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.104

Percentile

95.1%

CentOS Errata and Security Advisory CESA-2023:0046

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

  • xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)

  • xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)

  • xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access (CVE-2022-46341)

  • xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free (CVE-2022-46342)

  • xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free (CVE-2022-46343)

  • xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access (CVE-2022-46344)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2023-January/086360.html

Affected packages:
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-Xwayland
xorg-x11-server-common
xorg-x11-server-devel
xorg-x11-server-source

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:0046

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.104

Percentile

95.1%