Vulnerability CVE-2023-6377: Information
Description
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
xorg-server | p10 | 1.20.14-alt10 | 1.20.14-alt12 | ALT-PU-2023-8034-2 | 336398 | Fixed |
xorg-server | p9 | 1.20.8-alt11 | 1.20.8-alt12 | ALT-PU-2023-8033-2 | 336399 | Fixed |
xorg-server | c10f1 | 1.20.14-alt11 | 1.20.14-alt12 | ALT-PU-2024-4743-2 | 343922 | Fixed |
xorg-server | c9f2 | 1.20.8-alt12 | 1.20.8-alt12 | ALT-PU-2024-3261-2 | 341756 | Fixed |
xorg-xwayland | p10 | 23.1.1-alt3 | 23.1.1-alt5 | ALT-PU-2023-8035-2 | 336398 | Fixed |
xorg-xwayland | c10f1 | 23.1.1-alt4 | 23.1.1-alt5 | ALT-PU-2024-4745-2 | 343922 | Fixed |