Forum: >>> Magnum BBS <<<

[gentoo-announce] [ GLSA 202305-30 ] X.Org X server, XWayland: Multiple

From glsamaker@gentoo.org@21:1/5 to All on Tue May 30 05:10:01 2023

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: X.Org X server, XWayland: Multiple Vulnerabilities
Date: May 30, 2023
Bugs: #829208, #877459, #885825, #893438, #903547
ID: 202305-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in the Xorg Server and
XWayland, the worst of which can result in privilege escalation or
remote code execution.

Background
==========

The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
=================

Package Vulnerable Unaffected
-------------------- ------------ ------------
x11-base/xorg-server < 21.1.8 >= 21.1.8
x11-base/xwayland < 23.1.1 >= 23.1.1

Description
===========

Multiple vulnerabilities have been discovered in X.Org X server,
XWayland. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"

All XWayland users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"

References
==========

[ 1 ] CVE-2021-4008
https://nvd.nist.gov/vuln/detail/CVE-2021-4008
[ 2 ] CVE-2021-4009
https://nvd.nist.gov/vuln/detail/CVE-2021-4009
[ 3 ] CVE-2021-4010
https://nvd.nist.gov/vuln/detail/CVE-2021-4010
[ 4 ] CVE-2021-4011
https://nvd.nist.gov/vuln/detail/CVE-2021-4011
[ 5 ] CVE-2022-3550
https://nvd.nist.gov/vuln/detail/CVE-2022-3550
[ 6 ] CVE-2022-3551
https://nvd.nist.gov/vuln/detail/CVE-2022-3551
[ 7 ] CVE-2022-3553
https://nvd.nist.gov/vuln/detail/CVE-2022-3553
[ 8 ] CVE-2022-4283
https://nvd.nist.gov/vuln/detail/CVE-2022-4283
[ 9 ] CVE-2022-46283
https://nvd.nist.gov/vuln/detail/CVE-2022-46283
[ 10 ] CVE-2022-46340
https://nvd.nist.gov/vuln/detail/CVE-2022-46340
[ 11 ] CVE-2022-46341
https://nvd.nist.gov/vuln/detail/CVE-2022-46341
[ 12 ] CVE-2022-46342
https://nvd.nist.gov/vuln/detail/CVE-2022-46342
[ 13 ] CVE-2022-46343
https://nvd.nist.gov/vuln/detail/CVE-2022-46343
[ 14 ] CVE-2022-46344
https://nvd.nist.gov/vuln/detail/CVE-2022-46344
[ 15 ] CVE-2023-0494
https://nvd.nist.gov/vuln/detail/CVE-2023-0494
[ 16 ] CVE-2023-1393
https://nvd.nist.gov/vuln/detail/CVE-2023-1393
[ 17 ] ZDI-CAN-19596

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-30

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmR1ZX8ACgkQFMQkOaVy +9kh4Q//Sf2mdd2INp1pdmE5nN1AbShoR0/T7OnrhjBeMy5p2ln0yHhLp6jdF25U 62UaVu7UWH/E3xiREap7+bXZSbjOan3eVnUwJu0IPGyu3pY6/hRSXW8zy+OAbusq gkzohzZj1tbuoPbFZ+jRQt9xbZhS0SaAljWhwGl87yG/9fDqhR9vaWAyvA9eIMpQ UL0t9oxx+svmZvShiuDKmqkPaP8Ppj7u3EHe/Pj+lfX3SAJutoByTtzkPrLqD8et Nq6kZtMeoIQk0MYqv1fgz1xZ1c+4D5TvxQTIp8XWcEJpi8UBexjt2Ff6fkDcqTrJ p7EMp/VbaVxdJo8Ods0n5H4AYnkOEw91RHSmKN/CSdyvADcbKpatNExCxOqjzaIM Gr4ENfGyjZW8NWPmc5T007w1Rb5TwAYa0BooBXxNNyIbNV5V2eOQAf3buFBSwEN7 YGoRG2a0LKt0rGgldW4b9RZepPcyPaQCATQnXK3Xhd6dJGqdiv9xtPfsNgsEyEp0 Lcs3s63Q+DR93oic+CTaXVnu2F0DW/WKpBP9X69+2e+MnEwsdVYgwO3RoBCkV17W YlRIS8gp2TVBcnjX8bw22f1nTbHnt8KJnUor7NHxQFWRZ5MCbm6hNGma/NVsglSp o9+LWvhUC8drarZUJluRqX5lHrI06PDoabQsZxXpJ+zmW+drl0Y=
=SyCd
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Gretchiie
  Mon Sep 15 05:16:29 2025
  from Derry, Nh via Telnet
- Fred Blogs
  Mon Sep 15 00:03:12 2025
  from Uk via SSH
- Plume
  Sun Sep 14 09:34:52 2025
  from Uk via Raw
- Gretchiie
  Sun Sep 14 06:07:30 2025
  from Derry, Nh via Telnet
- Thlc
  Sat Sep 13 17:11:34 2025
  from Rognac, France via Telnet
- Thlc
  Sat Sep 13 17:04:03 2025
  from Rognac, France via Telnet
- Thlc
  Sat Sep 13 16:32:19 2025
  from Rognac, France via SSH
- Thlc
  Sat Sep 13 15:41:11 2025
  from Rognac, France via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	01:09:17
Calls:	10,387
Calls today:	2
Files:	14,061
Messages:	6,416,725

[gentoo-announce] [ GLSA 202305-30 ] X.Org X server, XWayland: Multiple

Who's Online

Recent Visitors

System Info