Multiple security vulnerabilities have been found in the X.org display system used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
It has been discovered that the X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs (CVE-2023-6816). This could cause the X server to crash, reveal sensitive information, or allow the execution of arbitrary code. This is rated as high. The server may also handle reattaching to a different master device incorrectly, potentially leading to a crash or code execution (CVE-2024-0229, high).
Mitigation
To prevent these vulnerabilities from being exploited remotely, disable X11 forwarding over SSH (see instructions below). However, this does not defend against local threats.
IGEL OS 12: In the Profile Configurator or the Device Configurator, go to System > Remote Access > SSH Access and make sure that Permit X11 forwarding is disabled. By default, this service is disabled. Please note that X11 forwarding, like the other SSH access settings, is only effective if the Enable parameter is activated.
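To verify the mitigation above on a device that exposes an OpenSSH-style sshd_config, the following added check (not part of the IGEL advisory and not IGEL's own tooling) evaluates the X11Forwarding keyword the way sshd does: keywords are case-insensitive, the first value read wins, and the setting defaults to "no" when absent. The sample configuration is constructed for illustration.

```python
"""Audit an OpenSSH sshd_config for the X11Forwarding setting.

Assumptions (not stated in the advisory): the device uses an
OpenSSH-style sshd_config; sshd applies the first value it reads for a
keyword and treats X11Forwarding as "no" when the keyword is absent.
"""
import re

# Constructed sample: a commented-out "yes", an explicit "no", and a
# later "yes" that sshd ignores because the first match wins.
SAMPLE_CONFIG = """\
# X11Forwarding yes
Port 22
X11Forwarding no
X11Forwarding yes
"""


def x11_forwarding_enabled(config_text: str) -> bool:
    """Return True if sshd would permit X11 forwarding globally.

    Only the global section is inspected; directives after a Match
    block apply conditionally and are not evaluated here.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        # Keyword and value are separated by whitespace or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional section: global value already decided
        if key == "x11forwarding" and len(parts) == 2:
            return parts[1].strip().lower() == "yes"
    return False  # sshd default when the keyword is absent


def audit(config_text: str) -> str:
    """Human-readable verdict for the advisory's mitigation."""
    if x11_forwarding_enabled(config_text):
        return "X11Forwarding enabled: remote SSH clients can reach the X server"
    return "X11Forwarding disabled: SSH cannot be used to reach the X server"


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On a live device, pass the contents of the actual sshd_config to `audit`; a file that enables X11 forwarding inside a Match block will still report as disabled globally, so review such blocks by hand.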