X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

13 Jul 2022


      'Getting things started for this "Patch Tuesday" are the disclosure of
two new X.Org Server vulnerabilities. Phoronix reports:
These issues affecting out-of-bounds accesses with the X.Org Server
can lead to local privilege elevation on systems where the X.Org
Server is running privileged and remote code execution for SSH X
forwarding sessions.
CVE-2022-2319 and CVE-2022-2320 were made public this morning and both
deal with the X.Org Server's Xkb keyboard extension not properly
validating input that could lead to out-of-bounds memory writes. Fixes
for these XKB vulnerabilities have been patched in X.Org Server Git
and xorg-server 21.1.4 point release is expected soon with these
fixes. Both vulnerabilities were discovered by Trend Micro's Zero Day
Initiative. '
-- source: https://it.slashdot.org/story/22/07/12/2012211
Cheers, Peter
-- 
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174 (office)
+64 (7) 577-5304 (home office)
https://www.cs.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

Peter Reutemann

tags (0)

participants (1)