1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202210-30 ] X.Org X server, XWayland: Multiple

    From [email protected]@21:1/5 to All on Mon Oct 31 03:20:01 2022
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202210-30
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: X.Org X server, XWayland: Multiple Vulnerabilities
    Date: October 31, 2022
    Bugs: #857780
    ID: 202210-30

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in the Xorg Server and
    XWayland, the worst of which can result in remote code execution.

    Background
    ==========

    The X Window System is a graphical windowing system based on a
    client/server model.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 x11-base/xorg-server < 21.1.4 >= 21.1.4
    2 x11-base/xwayland < 22.1.3 >= 22.1.3

    Description
    ===========

    Multiple vulnerabilities have been discovered in X.Org X server and
    XWayland. Please review the CVE identifiers referenced below for
    details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All X.Org X server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.4"

    All XWayland users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xwayland-22.1.3"

    References
    ==========

    [ 1 ] CVE-2022-2319
    https://nvd.nist.gov/vuln/detail/CVE-2022-2319
    [ 2 ] CVE-2022-2320
    https://nvd.nist.gov/vuln/detail/CVE-2022-2320

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202210-30

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2022 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmNfJBUACgkQFMQkOaVy +9nkWhAAtwtOINxsf6/CbkDkhZ+dXpfQJnE4z92ZApxAK+Z55i+GDEJZfcpkNhtE 6q4Oy8jPzNtALwTZ8/FeJFTx5kkcK38z+nww0xsutCQ+QYVocSUWvVjL2n5eG4JQ kaElgRn/O7uIa1I5J8rRKmv4rLGatAR+7x9n9NHLU4CdhFKd9aCumKhxlwiK2WWq AjMVv86uTSJv29oG8LkyaqUjGrNOpC7pTZ/yz0DurVjCaIyDr6WKmIwR6I8jdp5b 7l7aeAufijfboQ8NaRt1nmtFYYofg7KTIJJr8fVkc0/Yi08ucUa5QnNIhznNmZ1p fEUBi7cSJBeaFeD2LRlUUn0B+WpvogNQwLrcFYU7KXJHzgn6xaZWsogPRzt2JEd8 nIOG2w/vQzXXAE9GFYZV2DzfpJLl8O675UwUSZpvBZoiAqOesGUURx83TFEkK+uw Imf7FZmkGDR+qiUivMc5QjWXJGJtvAX7rQWJCTMPn4vyG0k3El649TrKVw3BzE1Z HhSZmeV/7ieELHaVeSm1Su72K3I1kszG26vzQI9q/YZ7nZPsAcL6n3vF+m0RMWNY /bE/ZEQsTUnu4/jN/BkiICzUNOCcbdl4zRDig37CXmYZshH/TbQeaRgSC5X976s9 G0PRSL6m0/jyGgQd13pCliMDGoSuTT1Ed+iA5qD+XBE3CA4t//4=
    =aY0K
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)