OESA-2024-1597

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1597
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1597.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1597
Upstream
Published
2024-05-17T11:08:01Z
Modified
2025-08-12T05:40:38.356808Z
Summary
xorg-x11-server-xwayland security update
Details

Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n xwayland- %build %meson \ -Dxwaylandeglstream=true \ -Ddefaultfontpath="catalogue:/etc/X11/fontpath.d,built-ins" \ -Dbuilderstring="Build ID: -" \ -Dxkboutputdir=/lib/xkb \ -Dxcsecurity=true \ -Dglamor=true \ -Ddri3=true %meson_build

Security Fix(es):

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.(CVE-2024-0229)

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.(CVE-2024-0409)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP2 / xorg-x11-server-xwayland

Package

Name
xorg-x11-server-xwayland
Purl
pkg:rpm/openEuler/xorg-x11-server-xwayland&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
xorg-x11-server-Xwayland-22.1.2-5.oe2203sp2

Ecosystem specific 

{
    "x86_64": [
        "xorg-x11-server-Xwayland-22.1.2-5.oe2203sp2.x86_64.rpm",
        "xorg-x11-server-Xwayland-debuginfo-22.1.2-5.oe2203sp2.x86_64.rpm",
        "xorg-x11-server-Xwayland-debugsource-22.1.2-5.oe2203sp2.x86_64.rpm",
        "xorg-x11-server-Xwayland-devel-22.1.2-5.oe2203sp2.x86_64.rpm"
    ],
    "aarch64": [
        "xorg-x11-server-Xwayland-22.1.2-5.oe2203sp2.aarch64.rpm",
        "xorg-x11-server-Xwayland-debugsource-22.1.2-5.oe2203sp2.aarch64.rpm",
        "xorg-x11-server-Xwayland-devel-22.1.2-5.oe2203sp2.aarch64.rpm",
        "xorg-x11-server-Xwayland-debuginfo-22.1.2-5.oe2203sp2.aarch64.rpm"
    ],
    "src": [
        "xorg-x11-server-Xwayland-22.1.2-5.oe2203sp2.src.rpm"
    ]
}