CVE-2024-9632, CVE-2024-30180, CVE-2024-31081, CVE-2024-31083 #1085
Comments
|
Thx, will check that. Will take some time, though.
Uli
GimmeHardware ***@***.***> schrieb am Fr., 6. Dez. 2024,
01:35:
… X.Org Security Advisory: Issues in X.Org X server prior to 21.1.14 and
Xwayland prior to 24.1.4
<https://lists.x.org/archives/xorg-announce/2024-October/003545.html>
CVE-2024-9632 <https://github.com/advisories/GHSA-cjcf-6ch6-g3rx>:
Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
The announcement linked above has a link to the commit that fixed it.
I see the affected code for it in nx-libs but it's not identical.
X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and
Xwayland prior to 23.2.5
<https://lists.freedesktop.org/archives/xorg-announce/2024-April/003505.html>
CVE-2024-31080 <https://github.com/advisories/GHSA-mqqf-4p7r-rf89>: Heap
buffer overread/data leakage in ProcXIGetSelectedEvents (Introduced in
xorg-server-1.7.0 2009)
CVE-2024-31081 <https://github.com/advisories/GHSA-3fpg-j8cw-vcjq>: Heap
buffer overread/data leakage in ProcXIPassiveGrabDevice (Introduced in
xorg-server-1.7.0 2009)
CVE-2024-31083 <https://github.com/advisories/GHSA-q6w6-rjjj-5p52>:
User-after-free in ProcRenderAddGlyphs (Introduced in X11R6-7 2004)
The announcement linked above has links to the commits that fixed them.
I don't see the affected code for the first two in nx-libs, so maybe it's
immune or maybe the code is just in different places.
I see the affected code for the last one but it's not identical. Also,
apparently that one was tricky - upstream took two tries.
The announcement also lists CVE-2024-31082
<https://github.com/advisories/GHSA-cm2m-f7gc-hv64> introduced in
xorg-server-1.12.0 so I don't think that would be here.
—
Reply to this email directly, view it on GitHub
<#1085>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABQHBZGI5CUILZFWV6DJCVT2EDWO3AVCNFSM6AAAAABTDUAZQOVHI2DSMVQWIX3LMV43ASLTON2WKOZSG4ZDCNZWGQZDMOA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
X.Org Security Advisory: Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4
CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
The announcement linked above has a link to the commit that fixed it.
I see the affected code for it in nx-libs but it's not identical.
X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (Introduced in xorg-server-1.7.0 2009)
CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (Introduced in xorg-server-1.7.0 2009)
CVE-2024-31083: User-after-free in ProcRenderAddGlyphs (Introduced in X11R6-7 2004)
The announcement linked above has links to the commits that fixed them.
I don't see the affected code for the first two in nx-libs, so maybe it's immune or maybe the code is just in different places.
I see the affected code for the last one but it's not identical. Also, apparently that one was tricky - upstream took two tries.
The announcement also lists CVE-2024-31082 introduced in xorg-server-1.12.0 so I don't think that would be here.
The text was updated successfully, but these errors were encountered: