Package xorg-server updated to version 1.20.14-alt14 for branch p10 in task 361143.

Published: 2024-10-08

BDU:2024-09084

Уязвимость функции _XkbSetCompatMap реализации сервера X Window System X.Org Server, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2024-9632
ZDI-24-1453
ZDI-CAN-24756

Published: 2024-10-30
Modified: 2024-11-21

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

References:

http://seclists.org/fulldisclosure/2024/Oct/20
http://www.openwall.com/lists/oss-security/2024/10/29/2
RHSA-2024:10090
RHSA-2024:8798
RHSA-2024:9540
RHSA-2024:9579
RHSA-2024:9601
RHSA-2024:9690
RHSA-2024:9816
RHSA-2024:9818
RHSA-2024:9819
RHSA-2024:9820
RHSA-2024:9901
https://access.redhat.com/security/cve/CVE-2024-9632
RHBZ#2317233
https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html

Version: 2.1.0

Package xorg-server update in p10 on 2024-11-11

ALT-PU-2024-14929-2

Closed vulnerabilities

BDU:2024-09084

CVE-2024-9632