Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2024-2378

Related Vulnerabilities: CVE-2023-6377   CVE-2023-6478  

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. (CVE-2023-6377) A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. (CVE-2023-6478)

Source

ALAS-2024-2378

Amazon Linux 2 Security Advisory: ALAS-2024-2378
Advisory Release Date: 2024-01-03 21:04 Pacific
Advisory Updated Date: 2024-01-09 17:59 Pacific
Severity: Important
Issue Overview:

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. (CVE-2023-6377)

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. (CVE-2023-6478)


Affected Packages:

xorg-x11-server


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
"Run yum update xorg-x11-server to update your system.
"

New Packages:
aarch64:
    xorg-x11-server-common-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-devel-1.20.4-22.amzn2.0.3.aarch64
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.3.aarch64

i686:
    xorg-x11-server-common-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-devel-1.20.4-22.amzn2.0.3.i686
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.3.i686

noarch:
    xorg-x11-server-source-1.20.4-22.amzn2.0.3.noarch

src:
    xorg-x11-server-1.20.4-22.amzn2.0.3.src

x86_64:
    xorg-x11-server-common-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-devel-1.20.4-22.amzn2.0.3.x86_64
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.3.x86_64

Additional References

Red Hat: CVE-2023-6377, CVE-2023-6478

Mitre: CVE-2023-6377, CVE-2023-6478

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started