X.Org Server & XWayland Updated Due To Two Decade-Old Security Vulnerabilities
The X.Org Server doesn't see much in the way of feature work these days with Red Hat and others divesting from classic X.Org/X11 sessions. But there continues to be new point releases of the X.Org Server and the XWayland code due to long-standing security issues within the X.Org codebase. New point releases were out last night due to two CVEs for bugs dating back to 2007 and 2009.
X.Org Server 21.1.10 and XWayland 23.2.3 are now available to address CVE-2023-6377 and CVE-2023-6478.
CVE-2023-6377 is an out-of-bounds memory write in the XKB button-action handling: forcing a logical device change on a device that has buttons can trigger the out-of-bounds write. Per the advisory, this can lead to local privilege escalation where the X server runs as root, or to remote code execution where an X server is exposed to remote clients, e.g. X11 forwarded over SSH.
CVE-2023-6478 is an out-of-bounds memory read within the RRChangeOutputProperty and RRChangeProviderProperty functions that could lead to information disclosure.
These latest X.Org Security vulnerabilities were uncovered by the Trend Micro Zero Day Initiative that has also been responsible for uncovering a number of other security issues within the X.Org codebase over the years.
More details on these latest issues via the X.Org security advisory.
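A quick way to check whether a host has picked up the fixed releases named above, as an added example that is not part of the original article or of the X.Org project: the script compares an installed xorg-server or XWayland version against the first fixed version (21.1.10 and 23.2.3 respectively, from the release announcement). The `installed_version` helper assumes the `Xorg`/`Xwayland` binaries are on PATH and print a first line of the form `X.Org X Server <version>`; the version strings in the demo at the bottom are constructed sample inputs.

```shell
#!/bin/sh
# Added example (not X.Org project code): check installed xorg-server / XWayland
# versions against the releases that fix CVE-2023-6377 and CVE-2023-6478.

# version_ge A B: succeed when version A >= version B, using sort -V so that
# 21.1.9 < 21.1.10 (a plain string compare would get this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# patched_for_cves NAME VERSION: print "patched" or "vulnerable" for the
# package NAME (xorg-server or xwayland) at upstream version VERSION.
patched_for_cves() {
    case "$1" in
        xorg-server) fixed=21.1.10 ;;   # first xorg-server release with the fixes
        xwayland)    fixed=23.2.3  ;;   # first XWayland release with the fixes
        *) echo "unknown"; return 2 ;;
    esac
    if version_ge "$2" "$fixed"; then
        echo patched
    else
        echo vulnerable
    fi
}

# installed_version BINARY: best-effort query of a running system. Assumes the
# binary accepts -version and prints "X.Org X Server <ver>" (Xorg writes this to
# stderr, hence 2>&1). Prints nothing if the binary is missing or output differs.
installed_version() {
    command -v "$1" >/dev/null 2>&1 || return 1
    "$1" -version 2>&1 | sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# Demo on constructed sample versions, then on the local system if binaries exist.
for v in 21.1.9 21.1.10 21.1.11; do
    echo "xorg-server $v: $(patched_for_cves xorg-server "$v")"
done
for v in 23.2.2 23.2.3; do
    echo "xwayland $v: $(patched_for_cves xwayland "$v")"
done
xv=$(installed_version Xorg);     [ -n "$xv" ] && echo "local Xorg $xv: $(patched_for_cves xorg-server "$xv")"
wv=$(installed_version Xwayland); [ -n "$wv" ] && echo "local Xwayland $wv: $(patched_for_cves xwayland "$wv")"
exit 0
```

Caveat: this compares upstream version numbers only. Distributions such as Debian, Ubuntu and RHEL routinely backport the security patches without bumping the upstream version, so on those systems a "vulnerable" result from the version check must be confirmed against the distribution's own changelog or security tracker before acting on it.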
Separate from these security woes but in somewhat related news, Alan Coopersmith of Oracle has been working on "modern C" support in the X.Org codebase as Fedora and other Linux distributions turn more compiler warnings into hard errors. A number of fixes are landing in the X.Org codebase as a result of addressing those warnings, and new point releases will likely come early in the new year to deal with those soon-to-be compiler errors.