Errata ALT-PU-2021-4696-1: Information
Fixes
Published: Oct. 25, 2018
BDU:2018-01290
Vulnerability in the X.Org Server software package caused by errors in handling and validating command-line parameters, allowing an attacker to gain root privileges and overwrite an arbitrary file in the operating system
Severity: MEDIUM (6.6) Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: July 14, 2020
BDU:2020-03504
Vulnerability in the font library of Windows operating systems, allowing an attacker to execute arbitrary code
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Aug. 25, 2020
BDU:2020-03915
Vulnerability in the X Window System server Xorg-server related to incorrect memory initialization, allowing an attacker to cause part of the server memory to leak to an Xorg-server client
Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Published: Sept. 15, 2020
BDU:2021-00126
Vulnerability in the SProcRecordQueryVersion function of the X Window System server Xorg-server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published: Sept. 15, 2020
BDU:2021-00127
Vulnerability in the SProcXkbSelectEvents function of the X Window System server Xorg-server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published: Sept. 15, 2020
BDU:2021-00128
Vulnerability in the ProcXIChangeHierarchy function of the X Window System server Xorg-server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published: Dec. 1, 2020
BDU:2021-01784
Vulnerability in the XkbSetDeviceInfo component of the xorg-x11-server package, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published: Sept. 15, 2020
BDU:2021-02598
Vulnerability in the XkbSetNamesCheck function in xkb.c of the X Window System server Xorg-server, related to an operation going beyond the bounds of a memory buffer, allowing an attacker to gain access to confidential information or cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published: Dec. 1, 2020
BDU:2021-03541
Vulnerability in the XkbSetMap function of the X.Org Server implementation of the X Window System server, related to an operation going beyond the bounds of a memory buffer, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: April 26, 2021
BDU:2021-03760
Vulnerability in the X.org server related to an integer underflow, allowing an attacker to gain access to confidential information or cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Dec. 17, 2021
BDU:2022-00346
Vulnerability in the SProcXFixesCreatePointerBarrier function of the X.Org Server implementation of the X Window System server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Dec. 17, 2021
BDU:2022-00347
Vulnerability in the SProcXFixesCreatePointerBarrier function of the X.Org Server implementation of the X Window System server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Dec. 17, 2021
BDU:2022-00348
Vulnerability in the SProcRenderCompositeGlyphs function of the X.Org Server implementation of the X Window System server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Dec. 17, 2021
BDU:2022-00349
Vulnerability in the SwapCreateRegister function of the X.Org Server implementation of the X Window System server, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Oct. 25, 2018
Modified: Oct. 23, 2019
CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Severity: MEDIUM (6.6) Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [xorg-announce] 20181025 X.Org security advisory: October 25, 2018
- https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665
- DSA-4328
- 1041948
- 45697
- USN-3802-1
- 105741
- GLSA-201810-09
- RHSA-2018:3410
- 45742
- https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
- https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
- 45832
- 45922
- 45908
- 45938
- 46142
- http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html
- http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html
Published: Oct. 16, 2019
Modified: Aug. 24, 2020
CVE-2019-17624
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Sept. 15, 2020
Modified: Oct. 7, 2022
CVE-2020-14345
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Sept. 15, 2020
Modified: Nov. 8, 2022
CVE-2020-14346
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Aug. 5, 2020
Modified: Nov. 7, 2023
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://www.openwall.com/lists/oss-security/2020/07/31/2
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- openSUSE-SU-2020:1279
- [debian-lts-announce] 20200830 [SECURITY] [DLA 2359-1] xorg-server security update
- openSUSE-SU-2020:1302
- DSA-4758
- USN-4488-1
- USN-4488-2
- GLSA-202012-01
Published: July 15, 2020
Modified: May 3, 2022
CVE-2020-1436
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jan. 20, 2021
Modified: Jan. 26, 2021
CVE-2020-14360
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Sept. 15, 2020
Modified: Nov. 3, 2022
CVE-2020-14361
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Sept. 15, 2020
Modified: Nov. 3, 2022
CVE-2020-14362
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Dec. 15, 2020
Modified: Dec. 17, 2020
CVE-2020-25712
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: April 26, 2021
Modified: Nov. 7, 2023
CVE-2021-3472
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://seclists.org/oss-sec/2021/q2/20
- https://www.zerodayinitiative.com/advisories/ZDI-21-463/
- https://bugzilla.redhat.com/show_bug.cgi?id=1944167
- DSA-4893
- https://www.tenable.com/plugins/nessus/148701
- [oss-security] 20210413 X.Org server security advisory: April 13, 2021
- [debian-lts-announce] 20210415 [SECURITY] [DLA 2627-1] xorg-server security update
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
- GLSA-202104-02
- FEDORA-2021-139f3fc21c
- FEDORA-2021-0e2981e013
- FEDORA-2021-112d542766
- FEDORA-2021-f7b4c97879
Published: Dec. 17, 2021
Modified: Nov. 7, 2023
CVE-2021-4008
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lists.x.org/archives/xorg-announce/2021-December/003124.html
- https://lists.x.org/archives/xorg-announce/2021-December/003122.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-1547/
- DSA-5027
- [debian-lts-announce] 20211229 [SECURITY] [DLA 2869-1] xorg-server security update
- https://security.netapp.com/advisory/ntap-20220114-0004/
- GLSA-202305-30
- FEDORA-2021-2eb603951b
- FEDORA-2021-a7fd510294
- FEDORA-2021-69e96c8f68
- FEDORA-2021-664a6554a1
Published: Dec. 17, 2021
Modified: Nov. 7, 2023
CVE-2021-4009
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lists.x.org/archives/xorg-announce/2021-December/003124.html
- https://lists.x.org/archives/xorg-announce/2021-December/003122.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-1548/
- DSA-5027
- [debian-lts-announce] 20211229 [SECURITY] [DLA 2869-1] xorg-server security update
- https://security.netapp.com/advisory/ntap-20220114-0004/
- GLSA-202305-30
- FEDORA-2021-2eb603951b
- FEDORA-2021-a7fd510294
- FEDORA-2021-69e96c8f68
- FEDORA-2021-664a6554a1
Published: Dec. 17, 2021
Modified: Nov. 7, 2023
CVE-2021-4010
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lists.x.org/archives/xorg-announce/2021-December/003124.html
- https://lists.x.org/archives/xorg-announce/2021-December/003122.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-1549/
- DSA-5027
- https://security.netapp.com/advisory/ntap-20220114-0004/
- GLSA-202305-30
- FEDORA-2021-2eb603951b
- FEDORA-2021-a7fd510294
- FEDORA-2021-69e96c8f68
- FEDORA-2021-664a6554a1
Published: Dec. 17, 2021
Modified: Nov. 7, 2023
CVE-2021-4011
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lists.x.org/archives/xorg-announce/2021-December/003124.html
- https://lists.x.org/archives/xorg-announce/2021-December/003122.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-1550/
- DSA-5027
- [debian-lts-announce] 20211229 [SECURITY] [DLA 2869-1] xorg-server security update
- https://security.netapp.com/advisory/ntap-20220114-0004/
- GLSA-202305-30
- FEDORA-2021-2eb603951b
- FEDORA-2021-a7fd510294
- FEDORA-2021-69e96c8f68
- FEDORA-2021-664a6554a1