Skip to main content
Skip table of contents

ISN 2023-26: X.org Vulnerabilities

Updated 27 November 2023 (Update Instructions)

First published 9 November 2023

CVSS 3.1: 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities have been discovered in the X.org display server, which is used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

The X.org server has been found to have three local vulnerabilities. CVE-2023-5367 is an out-of-bounds write flaw in xorg-x11-server that could be used to crash the server or escalate the attacker’s privileges. It is rated as high. CVE-2023-5574 tracks a vulnerability in Xvfb, also rated as high, that could have the same effect. Finally, CVE-2023-5380 is a use-after-free flaw in the xorg-x11-server that could crash the server in a very specific scenario (medium).

Update Instructions

  • OS 12: Update to OS 12 base system app version 12.2.2.
  • OS 11: Update to OS 11.09.150 (available 6 December).

References


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.