FOSS Srbija | Free and Opensource Srbija

FOSS Srbija je uspesno migrirana na Xenforo platformu.

Korisnici koji ne mogu da se uloguju sa starom lozinkom, idite na "Forgot your password?"

i zatrazite novu koja ce Vam stici na registrovani mejl.

XWayland & X.Org Server See New Releases Due To Three More Security Vulnerabilities.

Bojan970

Well-known member
Joined
Jan 12, 2021
Messages
604
Reaction score
335
The X.Org Server and XWayland saw new point releases today as a result of three more security vulnerabilities being disclosed.

October began with new X.Org security vulnerabilities, two of which dated back to the year 1988. Now as we approach the end of October, three more vulnerabilities have been made public.

CVE-2023-5367 is an out-of-bounds write within the XIChangeDeviceProperty/RRChangeOutputProperty where memcpy() can end up writing into memory outside of the heap-allocated array. CVE-2023-5380 is for a use-after-free within DestroyWindow. The latter vulnerability only affects multi-monitor "Zaphod" mode setups. The third is CVE-2023-5574 and is another use-after-free bug, this time within DamageDestroy and also affecting multi-head Zaphod mode setups.

X.Org Server 21.1.9 and XWayland 23.2.2 were released today with the X.Org patches to address these out-of-bounds and use-after-free errors. These three CVEs come as a result of the Trend Micro Zero Day Initiative where they have also uncovered many other X.Org vulnerabilities over prior years.

1698521121329.png
 
Top