Slackware Linux Project, SSA-2021-350-01
Dec 16, 2021 - 9:47 p.m.

[slackware-security] xorg-server

2021-12-16 21:47:31
Slackware Linux Project
www.slackware.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0005 Low
Percentile: 16.6%

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Note that in slackware-current there are 4 issues fixed (CVE-2021-4008,
CVE-2021-4009, CVE-2021-4010, and CVE-2021-4011). In Slackware 14.0, 14.1,
and 14.2 the earlier versions of xorg-server don’t contain all of the
vulnerable code, so only the applicable issues have been patched.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz: Rebuilt.
Fixes for multiple input validation failures in X server extensions:
render: Fix out of bounds access in SProcRenderCompositeGlyphs()
xfixes: Fix out of bounds access in ProcXFixesCreatePointerBarrier()
For more information, see:
https://vulners.com/cve/CVE-2021-4008
https://vulners.com/cve/CVE-2021-4009
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz: Rebuilt.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-6_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-6_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-6_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-7_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-7_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-7_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-6_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-6_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-6_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.20.14-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-21.1.4-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.20.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-21.1.4-x86_64-1.txz

MD5 signatures:

Installation instructions:

Upgrade the packages as root:
> upgradepkg xorg-server-*.txz
