1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202411-08 ] X.Org X server, XWayland: Multiple

    From glsamaker@gentoo.org@21:1/5 to All on Sun Nov 17 11:00:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202411-08
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: X.Org X server, XWayland: Multiple Vulnerabilities
    Date: November 17, 2024
    Bugs: #928531, #942465
    ID: 202411-08

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    A vulnerability has been discovered in the Xorg Server and XWayland, the
    worst of which can result in privilege escalation.

    Background
    ==========

    The X Window System is a graphical windowing system based on a
    client/server model.

    Affected packages
    =================

    Package Vulnerable Unaffected
    -------------------- ------------ ------------
    x11-base/xorg-server < 21.1.14 >= 21.1.14
    x11-base/xwayland < 24.1.4 >= 24.1.4

    Description
    ===========

    Multiple vulnerabilities have been discovered in X.Org X server and
    XWayland. Please review the CVE identifiers referenced below for
    details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All X.Org X server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.14"

    All XWayland users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.4"

    References
    ==========

    [ 1 ] CVE-2024-9632
    https://nvd.nist.gov/vuln/detail/CVE-2024-9632
    [ 2 ] CVE-2024-31080
    https://nvd.nist.gov/vuln/detail/CVE-2024-31080
    [ 3 ] CVE-2024-31081
    https://nvd.nist.gov/vuln/detail/CVE-2024-31081
    [ 4 ] CVE-2024-31082
    https://nvd.nist.gov/vuln/detail/CVE-2024-31082
    [ 5 ] CVE-2024-31083
    https://nvd.nist.gov/vuln/detail/CVE-2024-31083

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202411-08

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmc5vCkACgkQFMQkOaVy +9lFPBAA22TJVBssJVPoRUwXnGdGnGTbcRWft8ELQyoSm0aZ4GjpNAEnTUH6asbh XWoB38rsAV3OTBFe78QI0ufz0rZXGXi3I9+bAHKFgyIX9VYEdZl/c0MksNkeUo6Z 981/Dh/beq8nxJvB77RqLKTAVi6f/Vg93XNMeulWNwSdWJYB+8thEOPn5iuLUX85 ue+yqY8zZ1dMv+LzKlnm9T+WjhgO1uwEk8I5ScKtmHjRnIQXufjY+3/LQLLBuF3z AO36I9Z3Uzs1KrK877ZUKKD0oFV3m2pC9u1+K5EVOl50RX1MjE4FQDl8QC2MvSRR 5BBlaxUl5V+4rV4d5uX4ct+t54EL2nwfAQByLmJ1xZ4FDxfh8wC+1Rt2pmmjuzp3 jLSEaz4CCwSMtE3DchbykRjHgEBy91lbAseg8JgxOiQ8tEPp0mn90/udlNSbCBRQ UmKPwFHQMMpm3uG3W0pGqx/s9+A697mEVVRYKk8czW1o4tM5CTbbJE7tkX3t6RbX sLbSQjbuTEZHJegBWZf2wjcnXgJZQsj3zfQdPOKK2tZNpCs5p5AbNeMypyVT3UFg BhGZLXBTenc56tAEkMus0/C8tjBvbIqqx5UC0evHKLW9DwWu7Zp9+RebGLZEtRmf H+0QjXPmrf3rD6uPTZk9JB9DbTb7OBv0+SDxIFoSoC5NEIM5t6c=
    =6n3R
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)