[slackware-security] xorg-server

New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-20slack15.0.txz: Rebuilt. This update fixes security issues: Font Alias Stack-based Buffer Overflow. XSY...

MiracleLinux 4 : xorg-x11-server-1.13.0-23.1.0.1.AXS4 (AXSA:2014-075:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-075:01 advisory. X.Org X11 X server Security issues fixed with this release: CVE-2013-1940 X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict acce...

EUVD-2024-16204

Malicious code in bioql PyPI...

EulerOS 2.0 SP5 : xorg-x11-server (EulerOS-SA-2024-2079)

According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. Wh...

EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2024-2077)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the...

EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2024-2062)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some...

xorg-x11-server: SELinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...

xorg-x11-server: SELinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...

CentOS 8 : xorg-x11-server-Xwayland (CESA-2024:2996)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:2996 advisory. - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data...

OESA-2024-1598 xorg-x11-server-xwayland security update

Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n...

Oracle Linux 9 : xorg-x11-server-Xwayland (ELSA-2024-2170)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2170 advisory. - Fix for CVE-2023-6377, CVE-2023-6478 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

xorg-x11-server: SELinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context...

EulerOS 2.0 SP9 : xorg-x11-server (EulerOS-SA-2024-1522)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently dow...

Ubuntu 16.04 ESM / 18.04 ESM : X.Org X Server regression (USN-6587-4)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6587-4 advisory. USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Tenable...

GLSA-202401-30 : X.Org X Server, XWayland: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-30 X.Org X Server, XWayland: Multiple Vulnerabilities - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap ...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : X.Org X Server regression (USN-6587-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6587-3 advisory. USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2024:0249-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0249-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when...

SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2024:0252-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0252-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving...

SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2024:0236-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0236-1 advisory. - A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it...

Debian dla-3721 : xdmx - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3721 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3721-1 [email protected]...