12 matches found
MGASA-2023-0307 Updated x11-server packages fix security vulnerabilities
The updated packages fix security vulnerabilities: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367). Use-after-free bug in DestroyWindow (CVE-2023-5380). Use-after-free bug in DamageDestroy (CVE-2023-5574)...
MGASA-2022-0256 Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: ProcXkbSetGeometry Out-Of-Bounds Access. The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2022-2319). ProcXkbSetDeviceInfo...
MGASA-2021-0573 Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4008). The handler for the CreatePointerBarrier request of the XFixes extension...
MGASA-2021-0190 Updated x11-server packages fix security vulnerability
Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out-of-bounds memory accesses in the X server. These issues can lead to privilege escalation for authorized clients on systems where the X server is running privileged (CVE-2021-3472)...
MGASA-2020-0335 Updated x11-server packages fix security vulnerability
Allocation for pixmap data in AllocatePixmap does not initialize the memory in xserver, which leaks uninitialized heap memory to clients. When the X server runs with elevated privileges, this flaw can lead to ASLR bypass, which when combined with other flaws known/unknown could lead to lead t...
Updated x11-server packages fix security vulnerabilities & bugs
The upstream 1.19.4 update we pushed as http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME synchronization. Upstream released a 1.19.5 that fixes that and includes a lot of security fixes (CVE-2017-12176 to CVE-2017-12187). Also added a fix for "XShmGetImage: fix censoring"...
MGASA-2017-0401 Updated x11-server packages fix security vulnerabilities & bugs
The upstream 1.19.4 update we pushed as http://advisories.mageia.org/MGASA-2017-0366.html introduced a regression in PRIME synchronization. Upstream released a 1.19.5 that fixes that and includes a lot of security fixes (CVE-2017-12176 to CVE-2017-12187). Also added a fix for "XShmGetImage: fix censoring"...
MGASA-2017-0366 Updated x11-server packages fix security vulnerabilities
In Xext/shm, the shmseg resource id can belong to a non-existing client and abort the X server with FatalError "client not in use", or overwrite an existing segment of another existing client (CVE-2017-13721). Generating strings for XKB data used a single shared static buffer, which offered several...
MGASA-2015-0196 Updated x11-server packages fix CVE-2015-3418
Updated x11-server packages fix security vulnerability: A regression in the fix for CVE-2014-8092 (MGASA-2014-0532) caused another issue which could lead to a local denial of service (CVE-2015-3418)...
MGASA-2015-0073 Updated x11-server packages fix CVE-2015-0255
Updated x11-server packages fix security vulnerability: Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengt...
Updated x11-server packages fix security vulnerabilities
Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100,...
MGASA-2013-0317 Updated x11-server packages fix CVE-2013-4396
Updated x11-server packages fix security vulnerability: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code vi...