Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-5574

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. (CVE-2023-5574)

Source

ALAS-2023-2352

Amazon Linux 2 Security Advisory: ALAS-2023-2352
Advisory Release Date: 2023-11-29 22:19 Pacific
Advisory Updated Date: 2023-12-04 21:44 Pacific

Severity: Important

References: CVE-2023-5574
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. (CVE-2023-5574)

Affected Packages:

xorg-x11-server

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update xorg-x11-server to update your system.

New Packages:

aarch64:
    xorg-x11-server-common-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-devel-1.20.4-22.amzn2.0.2.aarch64
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.2.aarch64

i686:
    xorg-x11-server-common-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-devel-1.20.4-22.amzn2.0.2.i686
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.2.i686

noarch:
    xorg-x11-server-source-1.20.4-22.amzn2.0.2.noarch

src:
    xorg-x11-server-1.20.4-22.amzn2.0.2.src

x86_64:
    xorg-x11-server-common-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xorg-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xnest-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xdmx-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xvfb-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xephyr-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-Xwayland-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-devel-1.20.4-22.amzn2.0.2.x86_64
    xorg-x11-server-debuginfo-1.20.4-22.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-5574

Mitre: CVE-2023-5574

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2023-2352

ALAS-2023-2352

Additional References

Vulmon Search

About

Products

Connect