DaemonForums  

#1
13th July 2022
J65nko (Administrator)
 
X.Org Server New Local Privilege Escalation, Remote Code Execution vulnerabilities

From https://www.phoronix.com/scan.php?pa...ly-12-Security

Quote:
Getting things started for this "Patch Tuesday" are the disclosure of two new X.Org Server vulnerabilities.

These issues affecting out-of-bounds accesses with the X.Org Server can lead to local privilege elevation on systems where the X.Org Server is running privileged and remote code execution for SSH X forwarding sessions.

CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server's Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren't relying on your xorg-server running as root.

Fixes for these XKB vulnerabilities have been patched in X.Org Server Git and xorg-server 21.1.4 point release is expected soon with these fixes. Both vulnerabilities were discovered by Trend Micro's Zero Day Initiative.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
14th July 2022
J65nko (Administrator)
 

According to the Register there were, besides the security fixes, also some other updates in this new Xorg release. See https://www.theregister.com/2022/07/...rvers_updated/