{"schema_version":"1.7.2","id":"OESA-2024-1817","modified":"2024-07-12T11:08:27Z","published":"2024-07-12T11:08:27Z","upstream":["CVE-2022-2320"],"summary":"xorg-x11-server-xwayland security update","details":"Xwayland is an X server for running X clients under Wayland.   %package devel Summary: Development package Requires: pkgconfig   %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland.   %prep %autosetup -n xwayland-   %build %meson \\         -Dxwayland_eglstream=true \\         -Ddefault_font_path=\u0026quot;catalogue:/etc/X11/fontpath.d,built-ins\u0026quot; \\         -Dbuilder_string=\u0026quot;Build ID:  -\u0026quot; \\         -Dxkb_output_dir=/lib/xkb \\         -Dxcsecurity=true \\         -Dglamor=true \\         -Ddri3=true   %meson_build\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.(CVE-2022-2320)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"xorg-x11-server-xwayland","purl":"pkg:rpm/openEuler/xorg-x11-server-xwayland\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64.rpm"],"src":["xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src.rpm"],"x86_64":["xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1817"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2320"}],"database_specific":{"severity":"High"}}