OESA-2024-2042

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2042

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-2042.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-2042

Upstream

CVE-2023-6377

CVE-2024-31083

Published

2024-08-23T11:08:55Z

Modified

2025-08-12T05:40:32.619140Z

Summary

xorg-x11-server-xwayland security update

Details

Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n xwayland- %build %meson \ -Dxwaylandeglstream=true \ -Ddefaultfontpath="catalogue:/etc/X11/fontpath.d,built-ins" \ -Dbuilderstring="Build ID: -" \ -Dxkboutputdir=/lib/xkb \ -Dxcsecurity=true \ -Dglamor=true \ -Ddri3=true %meson_build

Security Fix(es):

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.(CVE-2023-6377)

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.(CVE-2024-31083)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / xorg-x11-server-xwayland

Package

Name: xorg-x11-server-xwayland
Purl: pkg:rpm/openEuler/xorg-x11-server-xwayland&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1

Ecosystem specific

{
    "aarch64": [
        "xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64.rpm",
        "xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64.rpm",
        "xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64.rpm",
        "xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64.rpm",
        "xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64.rpm",
        "xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64.rpm",
        "xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64.rpm"
    ],
    "src": [
        "xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src.rpm"
    ]
}