Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2022-1917.NASLHistoryMay 12, 2022 - 12:00 a.m.
AlmaLinux 8 : xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2022:1917)
2022-05-1200:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1917 advisory.
-
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-4008)
-
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-4009)
-
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-4010)
-
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-4011)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2022:1917.
##
include('compat.inc');
if (description)
{
script_id(161102);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/12");
script_cve_id(
"CVE-2021-4008",
"CVE-2021-4009",
"CVE-2021-4010",
"CVE-2021-4011"
);
script_xref(name:"ALSA", value:"2022:1917");
script_name(english:"AlmaLinux 8 : xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2022:1917)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2022:1917 advisory.
- A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access
can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to
data confidentiality and integrity as well as system availability. (CVE-2021-4008)
- A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access
can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is
to data confidentiality and integrity as well as system availability. (CVE-2021-4009)
- A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access
can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability. (CVE-2021-4010)
- A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access
can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability. (CVE-2021-4011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2022-1917.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-4011");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/17");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xephyr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xorg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xvfb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-Xwayland");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:xorg-x11-server-common");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AlmaLinux/release');
if (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var pkgs = [
{'reference':'xorg-x11-server-common-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-common-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xdmx-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xdmx-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xephyr-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xephyr-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xnest-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xnest-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xorg-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xorg-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xvfb-1.20.11-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xvfb-1.20.11-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xwayland-21.1.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xorg-x11-server-Xwayland-21.1.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / xorg-x11-server-Xnest / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alma | linux | xorg-x11-server-xdmx | p-cpe:/a:alma:linux:xorg-x11-server-xdmx |
| alma | linux | xorg-x11-server-xephyr | p-cpe:/a:alma:linux:xorg-x11-server-xephyr |
| alma | linux | xorg-x11-server-xnest | p-cpe:/a:alma:linux:xorg-x11-server-xnest |
| alma | linux | xorg-x11-server-xorg | p-cpe:/a:alma:linux:xorg-x11-server-xorg |
| alma | linux | xorg-x11-server-xvfb | p-cpe:/a:alma:linux:xorg-x11-server-xvfb |
| alma | linux | xorg-x11-server-xwayland | p-cpe:/a:alma:linux:xorg-x11-server-xwayland |
| alma | linux | xorg-x11-server-common | p-cpe:/a:alma:linux:xorg-x11-server-common |
| alma | linux | 8 | cpe:/o:alma:linux:8 |
Related
oraclelinux
oraclelinux
xorg-x11-server security update
2022-01-04 00:00:00
xorg-x11-server and xorg-x11-server-Xwayland security update
2022-05-17 00:00:00
osv
osv
xorg-server - security update
2021-12-21 00:00:00
Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update
2022-05-10 08:07:43
xorg-server, xorg-server-hwe-18.04, xwayland vulnerabilities
2021-12-14 18:13:20
nessus
nessus
EulerOS 2.0 SP10 : xorg-x11-server (EulerOS-SA-2022-1471)
2022-04-20 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-209)
2023-01-25 00:00:00
Oracle Linux 7 : xorg-x11-server (ELSA-2022-0003)
2022-01-04 00:00:00
redhat
redhat
(RHSA-2022:0003) Important: xorg-x11-server security update
2022-01-03 07:30:57
openvas
openvas
Debian: Security Advisory (DSA-5027-1)
2021-12-22 00:00:00
Slackware: Security Advisory (SSA:2021-350-01)
2022-04-21 00:00:00
Fedora: Security Advisory for xorg-x11-server (FEDORA-2021-664a6554a1)
2022-01-07 00:00:00
mageia
mageia
Updated x11-server packages fix security vulnerabilities
2021-12-22 02:27:37
debian
debian
[SECURITY] [DSA 5027-1] xorg-server security update
2021-12-21 20:01:26
[SECURITY] [DLA 2869-1] xorg-server security update
2021-12-29 22:30:23
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.13-alt5
2021-12-24 00:00:00
slackware
slackware
[slackware-security] xorg-server
2021-12-16 21:47:31
redos
redos
ROS-20220112-01
2022-01-12 00:00:00
ubuntu
ubuntu
X.Org X Server vulnerabilities
2021-12-14 00:00:00
X.Org X Server vulnerabilities
2023-07-27 00:00:00
X.Org X Server vulnerabilities
2022-01-26 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: xorg-x11-server-1.20.14-1.fc34
2022-01-02 01:07:20
[SECURITY] Fedora 35 Update: xorg-x11-server-1.20.14-1.fc35
2021-12-19 01:11:45
[SECURITY] Fedora 35 Update: xorg-x11-server-Xwayland-21.1.4-1.fc35
2021-12-18 01:23:08
amazon
amazon
Important: xorg-x11-server
2022-01-18 21:38:00
rocky
rocky
xorg-x11-server and xorg-x11-server-Xwayland security update
2022-05-10 08:07:43
almalinux
almalinux
Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update
2022-05-10 00:00:00
centos
centos
xorg security update
2022-01-04 19:22:29
suse
suse
Security update for xorg-x11-server (important)
2021-12-22 00:00:00
Security update for xorg-x11-server (important)
2021-12-21 00:00:00
Security update for xorg-x11-server (important)
2022-02-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-15 20:02:22
Denial Of Service (DoS)
2021-12-15 20:02:20
Denial Of Service (DoS)
2021-12-15 19:36:03
cnvd
cnvd
xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04966)
2021-12-20 00:00:00
xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04968)
2021-12-20 00:00:00
xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04967)
2021-12-20 00:00:00
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Out-of-bounds
2021-12-17 17:15:00
Design/Logic Flaw
2021-12-17 17:15:00
Design/Logic Flaw
2021-12-17 17:15:00
zdi
zdi
alpinelinux
alpinelinux
cve
cve
debiancve
debiancve
redhatcve
redhatcve
gentoo
gentoo
X.Org X server, XWayland: Multiple Vulnerabilities
2023-05-30 00:00:00
Related for ALMA_LINUX_ALSA-2022-1917.NASL