Univention Bugzilla – Bug 55537
xorg-server: Multiple issues (5.0)
Last modified: 2023-01-13 15:50:03 CET
New Debian xorg-server 2:1.20.4-1+deb10u7 fixes:

This update addresses the following issues:
* X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)
* X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)
* X.Org Server XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
* X.Org Server XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
* X.Org Server ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
* X.Org Server XIChangeProperty out-of-bounds access (CVE-2022-46344)
--- mirror/ftp/pool/main/x/xorg-server/xorg-server_1.20.4-1+deb10u6.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/xorg-server_1.20.4-1+deb10u7.dsc @@ -1,3 +1,20 @@ +2:1.20.4-1+deb10u7 [Thu, 29 Dec 2022 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-46340 + Xtest: disallow GenericEvents in XTestSwapFakeInput + * CVE-2022-46341 + Xi: disallow passive grabs with a detail > 255 + * CVE-2022-46342 + Xext: free the XvRTVideoNotify when turning off from the same client + * CVE-2022-46343 + Xext: free the screen saver resource when replacing it + * CVE-2022-46344 + Xi: avoid integer truncation in length check of ProcXIChangeProperty + * CVE-2022-4283 + xkb: reset the radio_groups pointer to NULL after freeing it + * Xi: return an error from XI property changes if verification failed + 2:1.20.4-1+deb10u6 [Tue, 08 Nov 2022 13:39:13 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * xkb: proof GetCountedString against request length attacks (CVE-2022-3550) <http://piuparts.knut.univention.de/5.0-2/#2068342451359411768>
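Review bot: the last added changelog entry, "Xi: return an error from XI property changes if verification failed", carries no CVE identifier, unlike the six entries above it, so the changelog does not say whether it is a follow-up to the CVE-2022-46344 length-check fix or an independent behaviour change. Suggest stating which it is in that entry, and mentioning it in the bug description, which lists only the six CVEs. Because this entry changes what clients see when a property change is rejected, it is the one most worth naming explicitly for anyone assessing regression risk of the update.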
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 4cf59e3ff4 Bug #55537: xorg-server 2:1.20.4-1+deb10u7
 doc/errata/staging/xorg-server.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

[5.0-2] bdf6417ad8 Bug #55537: xorg-server 2:1.20.4-1+deb10u7
 doc/errata/staging/xorg-server.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x536>