ALSA-2024:2995

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

• xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
• xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
• xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
• xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
• xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)
• xorg-x11-server: SELinux context corruption (CVE-2024-0409)
• xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
• xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
• xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.