X.Org 21.1.10 fixes two security issues


X.Org Server 21.1.10 was released a few days ago as a corrective release, together with the Xwayland 23.2.3 component. Even though the implementation has already begun to be displaced by Wayland, fixes continue to be released for long-standing security issues within the X.Org codebase: it is mentioned that the two vulnerabilities date back to 2007 and 2009.

The latest security vulnerabilities in X.Org were identified by the Trend Micro Zero Day Initiative, which has played a prominent role in the discovery of various security issues in the X.Org codebase over time.

The first vulnerability can be exploited for privilege escalation on systems where the X server is running as root, as well as for remote code execution in setups that use X11 session redirection over SSH for access.

Main new features of X.Org 21.1.10

As mentioned at the beginning, this is a corrective release, so the only changes are the fixes for the following problems:

  • CVE-2023-6377 Buffer overflow in the XKB button handler:
    The overflow occurs because memory is allocated for only a single XKB button action, without considering the actual number of buttons on the new device. As a result, button actions cause out-of-bounds memory reads and writes. This can lead to local privilege escalation if the server is running as root, or to remote code execution (e.g. X11 over SSH).
    This vulnerability allows an attacker to execute arbitrary code. To exploit it, the attacker must trick the system into switching logical input devices incorrectly, which can be done, for example, by sending a malformed request to the X server. This issue has been around since the release of xorg-server-1.6.0 in 2009.
  • CVE-2023-6478 Integer overflow in RRChangeProviderProperty and RRChangeOutputProperty:
    Integer overflow occurs in the code that processes these requests and the issue is caused by the use of a 32-bit integer in the size calculation variable, which is prone to overflow when processing large requests.
    This vulnerability allows an attacker to read data from an area outside the buffer or leak information from process memory. To exploit it, the attacker must send specially crafted RRChangeProviderProperty or RRChangeOutputProperty requests. It is mentioned that related problems have been identified since the releases of xorg-server-1.4.0 in 2004 and xorg-server-1.13.0 in 2012.
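The 32-bit size calculation described for CVE-2023-6478 can be illustrated with a simplified length check. This is an added example, not X.Org's code and not part of the original article; the struct, field and function names are hypothetical. It shows the byte count wrapping in 32 bits and a 64-bit calculation rejecting the same request.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified property-change request (not the X.Org struct). */
struct prop_req {
    uint32_t format;        /* bits per unit: 8, 16 or 32 */
    uint32_t n_units;       /* client-supplied unit count */
    uint32_t payload_bytes; /* bytes of property data actually received */
};

/* Weak check: the byte count is computed in 32 bits and can wrap. */
static bool length_ok_32(const struct prop_req *r)
{
    uint32_t total = r->n_units * (r->format / 8); /* wraps modulo 2^32 */
    return total <= r->payload_bytes;
}

/* Hardened check: validate the format, then compute the size in 64 bits. */
static bool length_ok_64(const struct prop_req *r)
{
    if (r->format != 8 && r->format != 16 && r->format != 32)
        return false;
    uint64_t total = (uint64_t)r->n_units * (r->format / 8);
    return total <= r->payload_bytes;
}

/* Constructed sample requests (not captured traffic). */
static const struct prop_req sample_wrap = { 32, 0x40000001u, 4 };
static const struct prop_req sample_good = { 16, 8, 16 };

int main(void)
{
    /* 0x40000001 units * 4 bytes = 0x100000004, which truncates to 4. */
    printf("oversized request: 32-bit check=%d, 64-bit check=%d\n",
           length_ok_32(&sample_wrap), length_ok_64(&sample_wrap));
    printf("well-formed request: 32-bit check=%d, 64-bit check=%d\n",
           length_ok_32(&sample_good), length_ok_64(&sample_good));
    return 0;
}
```

Once the weak check accepts the oversized request, any later code that trusts the declared unit count works past the 4 bytes that were actually received, which is the out-of-bounds read the advisory describes.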

It is also worth mentioning the improvements implemented in Xwayland 23.2.3 when running in full screen and a fix for RandR output name handling.

  • Added xwl_output to Xwayland types
  • Added a helper function to refresh the full screen
  • Updated full screen window when changing output
  • Resizing is now disabled when running in full screen
  • A custom server configuration directory can now be set when compiling
  • Output name length is updated
  • Correct name and length are now used by default
  • randr: prevent integer truncation in ProcRRChange*Property length check
  • Xi: Allocate enough XkbActions for our buttons

Finally, if you are interested in knowing more about it, you can check the details in the following link. Additionally, users of vulnerable systems are advised to install security updates as soon as possible. These updates fix vulnerabilities and make systems more secure.

The updates are already available in the distribution repositories, so all you have to do is run your update commands in a terminal to obtain the new version. Those who compile directly from source code can get the new version at this link.

