Issued:: 2024-05-23
Updated:: 2024-05-23

RHSA-2024:3343 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xorg-x11-server-Xwayland security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2271997 - CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
BZ - 2271998 - CVE-2024-31081 xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
BZ - 2272000 - CVE-2024-31083 xorg-x11-server: Use-after-free in ProcRenderAddGlyphs

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
xorg-x11-server-Xwayland-21.1.3-16.el8_10.src.rpm	SHA-256: 9810279dec938b99bebc8746bb5940b6db61d317a15fc213cf3d8c5bfff56c9b
x86_64
xorg-x11-server-Xwayland-21.1.3-16.el8_10.x86_64.rpm	SHA-256: 1cfbf0d4113bdd1ac3d784e9108714e6dbae485c2f34fa87df2ce3016b31068f
xorg-x11-server-Xwayland-debuginfo-21.1.3-16.el8_10.x86_64.rpm	SHA-256: de4952037e5e8ea0f1df717c8c9723cbece2e5c609f7be698ec73cb62a7f0d85
xorg-x11-server-Xwayland-debugsource-21.1.3-16.el8_10.x86_64.rpm	SHA-256: b379f068c27113e2b95167f55fd35483e424fa81f46eddc0ea9d5b7105ffa182

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
xorg-x11-server-Xwayland-21.1.3-16.el8_10.src.rpm	SHA-256: 9810279dec938b99bebc8746bb5940b6db61d317a15fc213cf3d8c5bfff56c9b
s390x
xorg-x11-server-Xwayland-21.1.3-16.el8_10.s390x.rpm	SHA-256: ba2ff6bb3500ce249151542041defea7bf5ca55abf69a2007cf5b1d9f7db99f3
xorg-x11-server-Xwayland-debuginfo-21.1.3-16.el8_10.s390x.rpm	SHA-256: 4c786d46d84d8243c0679a5719cf4e6ac7881716c89cdd9bec4fe2b1c23269b7
xorg-x11-server-Xwayland-debugsource-21.1.3-16.el8_10.s390x.rpm	SHA-256: c3f8e54af9781201d16772be8bebcfa086a69d14d760f0fc772354f091bbb389

Red Hat Enterprise Linux for Power, little endian 8

SRPM
xorg-x11-server-Xwayland-21.1.3-16.el8_10.src.rpm	SHA-256: 9810279dec938b99bebc8746bb5940b6db61d317a15fc213cf3d8c5bfff56c9b
ppc64le
xorg-x11-server-Xwayland-21.1.3-16.el8_10.ppc64le.rpm	SHA-256: d774d0a481a89277a27446b098664ab394599011d6f737d8151baf13ad7fe0aa
xorg-x11-server-Xwayland-debuginfo-21.1.3-16.el8_10.ppc64le.rpm	SHA-256: 5326e7a042d52ff3ff8342729276613ce66e587981dc8837517e66b083406256
xorg-x11-server-Xwayland-debugsource-21.1.3-16.el8_10.ppc64le.rpm	SHA-256: c91c68af7ecc5b14631e337ee29ae6565c928e5240442b466b5be0aca192b309

Red Hat Enterprise Linux for ARM 64 8

SRPM
xorg-x11-server-Xwayland-21.1.3-16.el8_10.src.rpm	SHA-256: 9810279dec938b99bebc8746bb5940b6db61d317a15fc213cf3d8c5bfff56c9b
aarch64
xorg-x11-server-Xwayland-21.1.3-16.el8_10.aarch64.rpm	SHA-256: 2bb96fd0db916abf1e70f58c24d8da4baa072f4b6ff844156e4df741df877cd4
xorg-x11-server-Xwayland-debuginfo-21.1.3-16.el8_10.aarch64.rpm	SHA-256: dfc74325c57f141e486fc4dc1f916d19807dacb9401744a38f731a99ffc74052
xorg-x11-server-Xwayland-debugsource-21.1.3-16.el8_10.aarch64.rpm	SHA-256: bbb3ea6ae7629e929a2eb9df9a643fe7d77b8f55270cbd0d31c2a82e93acbee1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation