41 matches found
RHEL 9 : xorg-x11-server-Xwayland (RHSA-2024:2170)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2170 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in...
USN-6587-5 xorg-server vulnerabilities
USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty...
GLSA-202401-30 : X.Org X Server, XWayland: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-30 X.Org X Server, XWayland: Multiple Vulnerabilities - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap ...
USN-6587-3 xorg-server, xwayland regression
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processin...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2024:0249-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0249-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when...
SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2024:0252-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0252-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving...
SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2024:0236-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0236-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it...
Debian dla-3721 : xdmx - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3721 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3721-1 [email protected]...
xorg-x11-server: SELinux context corruption
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
USN-6587-2: X.Org X Server vulnerabilities
USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...
Out-of-bounds Write
X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused due to the cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX conte...
SUSE SLED15 Security Update : xwayland (SUSE-SU-2024:0165-1)
The remote SUSE Linux SLED15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0165-1 advisory. - A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down...
Fedora 39 : xorg-x11-server-Xwayland (2024-da3d410b53)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-da3d410b53 advisory. xwayland 23.2.4 - Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 Tenable has extracted the...
AZL-45339 CVE-2024-0409 affecting package xorg-x11-server 1.20.10-6
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
Code injection
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
CVE-2024-0409 Xorg-x11-server: selinux context corruption
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
CVE-2024-0409
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
CVE-2024-0409
CVE-2024-0409 is part of multiple xorg-x11-server advisories (ALSA/ALAS2/CentOS) affecting X.Org X server components. Connected documents specify concrete CVEs and affected packages: CVE-2023-6816 (Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer), CVE-2024-0229 (reattaching to dif...
CVE-2024-0409 Xorg-x11-server: selinux context corruption
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...
CVE-2024-0409
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. Mitigation Mitigation for this issue is eith...