Bug 2257690 (CVE-2024-0409)
Summary: | CVE-2024-0409 xorg-x11-server: SELinux context corruption | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | xorg-server-21.1.11, xwayland-23.2.4 | Doc Type: | --- |
Doc Text: |
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation: it uses the cursor bits type with the cursor as the private, so initiating the cursor overwrites the XSELINUX context.
Bug Depends On: | 2258977, 2258978 | ||
Bug Blocks: | 2256538 |
Description
Patrick Del Bello
2024-01-10 14:02:02 UTC
Created tigervnc tracking bugs for this issue:
Affects: fedora-all [bug 2258978]

Created xorg-x11-server tracking bugs for this issue:
Affects: fedora-all [bug 2258977]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:0320

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2170

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2169

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2995

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2996 https://access.redhat.com/errata/RHSA-2024:2996