| Description: | Summary:
The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2024-016-02 advisory.
Vulnerability Insight:
New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'xorg-server' package(s) on Slackware 15.0, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
