Multiple vulnerabilities have been discovered in the X.org display server, which is used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
The X.org server has been found to have three local vulnerabilities. CVE-2023-5367 is an out-of-bounds write flaw in xorg-x11-server that could be used to crash the server or escalate the attacker’s privileges. It is rated as high. CVE-2023-5574 tracks a vulnerability in Xvfb, also rated as high, that could have the same effect. Finally, CVE-2023-5380 is a use-after-free flaw in the xorg-x11-server that could crash the server in a very specific scenario (medium).
Update Instructions
OS 12: Update to OS 12 base system app version 12.2.2.
OS 11: Update to OS 11.09.150 (available 6 December).