xorg-server is vulnerable to Remote Code Execution (RCE).The vulnerability exists because the swap handler for the XTestFakeInput
request of the XTest
extension may corrupt the stack if GenericEvents
with lengths larger than 32 bytes are sent through a the XTestFakeInput
request.
access.redhat.com/errata/RHSA-2023:0045
access.redhat.com/errata/RHSA-2023:0046
access.redhat.com/security/cve/CVE-2022-46340
bugzilla.redhat.com/show_bug.cgi?id=2151755
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
lists.fedoraproject.org/archives/list/[email protected]/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
lists.fedoraproject.org/archives/list/[email protected]/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
lists.fedoraproject.org/archives/list/[email protected]/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/
lists.fedoraproject.org/archives/list/[email protected]/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.17/community.yaml
security.gentoo.org/glsa/202305-30
www.debian.org/security/2022/dsa-5304