Vulnerability CVE-2023-5367: Information

Description

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: October 25, 2023
Modified: February 16, 2024
Weakness type identifier: CWE-787

Fixed packages

| Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
|---|---|---|---|---|---|---|
| xorg-server | p10 | 1.20.14-alt9 | 1.20.14-alt12 | ALT-PU-2023-6607-2 | 332673 | Fixed |
| xorg-server | p10_e2k | 1.20.14-alt9.E2K.1 | 1.20.14-alt9.E2K.1 | ALT-PU-2023-7726-1 | - | Fixed |
| xorg-server | p9 | 1.20.8-alt10 | 1.20.8-alt12 | ALT-PU-2023-7278-2 | 334512 | Fixed |
| xorg-server | c10f1 | 1.20.14-alt9 | 1.20.14-alt12 | ALT-PU-2023-6974-2 | 333359 | Fixed |
| xorg-server | c9f2 | 1.20.8-alt12 | 1.20.8-alt12 | ALT-PU-2024-3261-2 | 341756 | Fixed |
| xorg-xwayland | sisyphus | 23.2.2-alt1 | 23.2.6-alt1 | ALT-PU-2023-8421-1 | 332669 | Fixed |
| xorg-xwayland | p10 | 23.1.1-alt2 | 23.1.1-alt5 | ALT-PU-2023-6608-2 | 332673 | Fixed |
| xorg-xwayland | c10f1 | 23.1.1-alt2 | 23.1.1-alt5 | ALT-PU-2023-6973-2 | 333359 | Fixed |

Links to advisories, solutions and tools

Link
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
  • Issue Tracking
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5367
  • Third Party Advisory
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
  • Patch
  • Vendor Advisory
https://www.debian.org/security/2023/dsa-5534
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
  • Mailing List
RHSA-2023:6802
  • Third Party Advisory
RHSA-2023:6808
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
  • Mailing List
  • Third Party Advisory
RHSA-2023:7373
  • Third Party Advisory
RHSA-2023:7388
  • Third Party Advisory
RHSA-2023:7405
  • Third Party Advisory
RHSA-2023:7428
  • Third Party Advisory
RHSA-2023:7436
  • Third Party Advisory
RHSA-2023:7526
  • Third Party Advisory
RHSA-2023:7533
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20231130-0004/
  • Third Party Advisory
RHSA-2024:0010
  • Third Party Advisory
RHSA-2024:0128
  • Third Party Advisory
https://security.gentoo.org/glsa/202401-30
  • Third Party Advisory
      Configuration 1

      cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
      End excluding
      23.2.2

      cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
      End excluding
      21.1.9

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*