Updated x11-server and tigervnc packages fix security vulnerabilities

2024-01-1501:23:43

Gentoo Foundation

advisories.mageia.org

x11-server

tigervnc

security vulnerabilities

memory reads

local privilege escalation

remote code execution

integer overflow

sensitive information

x11 forwarding

disclosure

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.273 Low

EPSS

Percentile

96.8%

JSON

The updated packages fix security vulnerabilities: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. (CVE-2023-6377) A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. (CVE-2023-6478)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchx11-server< 21.1.8-7.2x11-server-21.1.8-7.2.mga9
Mageia9noarchx11-server-xwayland< 22.1.9-1.2x11-server-xwayland-22.1.9-1.2.mga9
Mageia9noarchtigervnc< 1.13.1-2.2tigervnc-1.13.1-2.2.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	x11-server	< 21.1.8-7.2	x11-server-21.1.8-7.2.mga9
Mageia	9	noarch	x11-server-xwayland	< 22.1.9-1.2	x11-server-xwayland-22.1.9-1.2.mga9
Mageia	9	noarch	tigervnc	< 1.13.1-2.2	tigervnc-1.13.1-2.2.mga9