MGASA-2024-0022

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0022.html

Import Source

https://advisories.mageia.org/MGASA-2024-0022.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0022

Related

CVE-2023-6816
CVE-2024-0229
CVE-2024-0408
CVE-2024-0409
CVE-2024-21885
CVE-2024-21886

Published

2024-02-04T02:49:27Z

Modified

2024-02-04T01:24:09Z

Summary

Updated x11-server, x11-server-xwayland and tigervnc fix security issues

Details

The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. (CVE-2023-6816) Reattaching to different master device may lead to out-of-bounds memory access. (CVE-2024-0229) Heap buffer overflow in XISendDeviceHierarchyEvent. (CVE-2024-21885) Heap buffer overflow in DisableDevice. (CVE-2024-21886) SELinux unlabeled GLX PBuffer. (CVE-2024-0408) SELinux context corruption. (CVE-2024-0409)

References

https://advisories.mageia.org/MGASA-2024-0022.html
https://bugs.mageia.org/show_bug.cgi?id=32747
https://www.openwall.com/lists/oss-security/2024/01/18/1
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.374309

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0022

Affected packages