ISN 2023-26: Vulnerabilities

Updated 27 November 2023 (Update Instructions)

First published 9 November 2023

CVSS 3.1: 7.8 (High)



Multiple vulnerabilities have been discovered in the display server, which is used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11


The server has been found to have three local vulnerabilities. CVE-2023-5367 is an out-of-bounds write flaw in xorg-x11-server that could be used to crash the server or escalate the attacker's privileges; it is rated high. CVE-2023-5574 tracks a vulnerability in Xvfb, also rated high, that could have the same effect. Finally, CVE-2023-5380 is a use-after-free flaw in xorg-x11-server that could crash the server in a very specific scenario; it is rated medium.

Update Instructions

  • OS 12: Update to OS 12 base system app version 12.2.2.
  • OS 11: Update to OS 11.09.150 (available 6 December).

