X.Org server hit by its latest batch of security vulnerabilities


Considering the age of the X.Org/X11 code, security issues have become quite common. Almost ten years ago, the X.Org server was considered a “security disaster” and a security researcher said it was even worse than it looks. Today another set of X.Org Server security vulnerabilities was made public.

Four more CVEs were made public today regarding input validation failures in the X.Org server. They could lead to local privilege elevation in cases where the X.Org server is still running as a privileged process, and to remote code execution for SSH X forwarding sessions.

The security issues involve out-of-bounds writes in various parts of the X.Org server: the render, xfixes, Xext, and record code.

* CVE-2021-4008 / ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access

The Render extension’s CompositeGlyphs request handler does not correctly validate the length of the request, leading to an out-of-bounds memory write.

* CVE-2021-4009 / ZDI-CAN-14950 SProcXFixesCreatePointerBarrier out-of-bounds access

The XFixes extension’s CreatePointerBarrier request handler does not correctly validate the length of the request, leading to an out-of-bounds memory write.

* CVE-2021-4010 / ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access

The Screen Saver extension’s Suspend request handler does not correctly validate the length of the request, leading to an out-of-bounds memory write.

* CVE-2021-4011 / ZDI-CAN-14952 SwapCreateRegister out-of-bounds access

The RecordCreateContext and RecordRegisterClients request handlers of the Record extension do not correctly validate the length of the request, leading to an out-of-bounds memory write.
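All four entries describe the same defect class: a handler that byte-swaps request data in place while trusting a length supplied by the client. As an added illustration (not X.Org source code and not the actual patches), the C sketch below checks both the declared request length and a client-supplied element count against the bytes actually received before it writes anything; the `demo_req` layout and the `demo_build` and `sproc_demo` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout (not an X.Org structure): fixed header followed
 * by `count` 16-bit ids, padded to 4 bytes, in the client's byte order. */
typedef struct {
    uint8_t  opcode, pad;
    uint16_t length;            /* whole request, in 4-byte units */
    uint16_t count, pad2;       /* count = number of trailing ids */
} demo_req;
enum { REQ_OK = 0, REQ_BAD_LENGTH = 1 };

static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/* Build a constructed opposite-endian request; returns bytes written. */
size_t demo_build(uint8_t *buf, uint16_t units, uint16_t count, uint16_t id) {
    demo_req h = { 1, 0, swap16(units), swap16(count), 0 };
    id = swap16(id);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &id, 2);     /* one id is enough for the demo */
    return sizeof h + 4;
}

/* Swap a request in place; `received` is the byte count read from the client.
 * Nothing is written until the declared length and count both match it. */
int sproc_demo(uint8_t *buf, size_t received) {
    demo_req h;
    if (received < sizeof h) return REQ_BAD_LENGTH;
    memcpy(&h, buf, sizeof h);
    h.length = swap16(h.length); h.count = swap16(h.count);
    size_t need = sizeof h + (((size_t)h.count * 2 + 3) & ~(size_t)3);
    if ((size_t)h.length * 4 != received || need != received)
        return REQ_BAD_LENGTH;
    for (size_t i = 0; i < h.count; i++) {
        uint8_t *p = buf + sizeof h + i * 2, t = p[0];
        p[0] = p[1]; p[1] = t;          /* in-place 16-bit swap */
    }
    memcpy(buf, &h, sizeof h);
    return REQ_OK;
}

int main(void) {
    uint8_t buf[64] = {0};
    printf("valid: %d\n", sproc_demo(buf, demo_build(buf, 3, 1, 0x1234)));
    printf("bad count: %d\n", sproc_demo(buf, demo_build(buf, 3, 1000, 0x1234)));
    return 0;
}
```

Without the `need != received` check, the loop would swap 1000 ids in a 12-byte request and write far past the end of the receive buffer.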

These latest vulnerabilities were discovered as part of Trend Micro's Zero Day Initiative. Patches are pending in X.Org Server Git.

More details via the security advisory.

These security advisories also affect XWayland, for which the XWayland 21.1.4 update was released this morning.

