X.Org Server & XWayland Updated Due To New Round Of Security Vulnerabilities
It's been well exhibited over the past decade about the security issues with the aging X.Org/X11 codebase and new security vulnerabilities routinely coming to light. The X.Org Server keeps getting hit hard by new security issues as researchers poke at the aging codebase. XWayland that relies on core X.Org Server parts too is also routinely in the crossfire.
X.Org Server 21.1.5 was released overnight for a new batch of security vulnerabilities: CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.
Similarly, XWayland 22.1.6 is out for mitigating much of the same security issues: CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.
These CVEs pertain to security issues in X.Org Server extensions and are around stack overflows, use-after-free, out-of-bounds accesses, and similar problems. These CVEs can lead to local privilege escalation on systems where the X.Org Server is running privileged or remote code execution for SSH X11 forwarding sessions.
Details on these latest X.Org Server security vulnerabilities can be found via the security advisory.