X.Org Server New Local Privilege Escalation, Remote Code Execution vulnerabilities
From https://www.phoronix.com/scan.php?pa...ly-12-Security
Quote:
Getting things started for this "Patch Tuesday" are the disclosure of two new X.Org Server vulnerabilities.
These issues affecting out-of-bounds accesses with the X.Org Server can lead to local privilege elevation on systems where the X.Org Server is running privileged and remote code execution for SSH X forwarding sessions.
CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server's Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren't relying on your xorg-server running as root.
Fixes for these XKB vulnerabilities have been patched in X.Org Server Git and xorg-server 21.1.4 point release is expected soon with these fixes. Both vulnerabilities were discovered by Trend Micro's Zero Day Initiative.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|