xwayland is vulnerable to remote code execution. The handler for the ScreenSaverSetAttributes
request may write to memory after it has been freed leading to local privileges elevation on systems where the server is running privileged and remote code execution for ssh X forwarding sessions.
access.redhat.com/errata/RHSA-2023:0045
access.redhat.com/errata/RHSA-2023:0046
access.redhat.com/security/cve/CVE-2022-46343
bugzilla.redhat.com/show_bug.cgi?id=2151758
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
lists.fedoraproject.org/archives/list/[email protected]/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
lists.fedoraproject.org/archives/list/[email protected]/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
lists.fedoraproject.org/archives/list/[email protected]/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.17/community.yaml
security.gentoo.org/glsa/202305-30
www.debian.org/security/2022/dsa-5304