-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2024-304-04)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  By providing a modified bitmap, a heap-based buffer overflow may occur.
  This may lead to local privilege escalation if the server is run as root
  or remote code execution (e.g. x11 over ssh).
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-October/003545.html
    https://www.cve.org/CVERecord?id=CVE-2024-9632
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  By providing a modified bitmap, a heap-based buffer overflow may occur.
  This may lead to local privilege escalation if the server is run as root
  or remote code execution (e.g. x11 over ssh).
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-October/003545.html
    https://www.cve.org/CVERecord?id=CVE-2024-9632
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.4-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.4-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 package:
eebd5cd981a537e02a09d813ced19ede  xorg-server-1.20.14-i586-14_slack15.0.txz
ddd8ecbb735d3e347702d5008094efb1  xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
76f253a5a048a23110b447f5ae292f3e  xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ce54ae9c7368ecc60be96c50e93c26a3  xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
c0e7639ea5b69966c2df52efc658b55c  xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Slackware x86_64 15.0 package:
efa602268277e4b7838f04c52352e5d2  xorg-server-1.20.14-x86_64-14_slack15.0.txz
2290325db04ba991244e1db34b6039e5  xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
9dfe708add6b47877fa76bfc7ecdbbb0  xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
f9a9222328fe88bf81f446ef8a77c066  xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
99523a7eca2c145d269b65cbad18bf75  xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Slackware -current package:
8d6aa07b319d2aef7eabb667000828fc  x/xorg-server-21.1.14-i686-1.txz
c92414cd5b46a14cefe2207fa66b311d  x/xorg-server-xephyr-21.1.14-i686-1.txz
67a0bcf3041c78cbd6a4971502fb6261  x/xorg-server-xnest-21.1.14-i686-1.txz
16dc00c9cb9bf872fc287319ade2abe4  x/xorg-server-xvfb-21.1.14-i686-1.txz
1622be5d7be614fd784519869a665e76  x/xorg-server-xwayland-24.1.4-i686-1.txz

Slackware x86_64 -current package:
7e36599b3810e2066afef71c5c6c7511  x/xorg-server-21.1.14-x86_64-1.txz
4347494b4a665a3d3b2901fe6340d28f  x/xorg-server-xephyr-21.1.14-x86_64-1.txz
2490efadbfb293db40891f48068e1ce8  x/xorg-server-xnest-21.1.14-x86_64-1.txz
175fde9e0f27767bf96659b1ac3c0230  x/xorg-server-xvfb-21.1.14-x86_64-1.txz
91929af00bfe32aa554b2c06754cb792  x/xorg-server-xwayland-24.1.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xorg-server-*.txz 


+-----+

Slackware: 2024-304-04: xorg-server Security Advisory Update

October 30, 2024
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz: Rebuilt. This update fixes a security issue: By providing a modified bitmap, a heap-based buffer overflow may occur. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh). This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative For more information, see: https://lists.x.org/archives/xorg-announce/2024-October/003545.html https://www.cve.org/CVERecord?id=CVE-2024-9632 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz: Rebuilt. This update fixes a security issue: By providing a...

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86...

Read the Full Advisory

MD5 Signatures

Slackware 15.0 package: eebd5cd981a537e02a09d813ced19ede xorg-server-1.20.14-i586-14_slack15.0.txz ddd8ecbb735d3e347702d5008094efb1 xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz 76f253a5a048a23110b447f5ae292f3e xorg-server-xnest-1.20.14-i586-14_slack15.0.txz ce54ae9c7368ecc60be96c50e93c26a3 xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz c0e7639ea5b69966c2df52efc658b55c xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz
Slackware x86_64 15.0 package: efa602268277e4b7838f04c52352e5d2 xorg-server-1.20.14-x86_64-14_slack15.0.txz 2290325db04ba991244e1db34b6039e5 xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz 9dfe708add6b47877fa76bfc7ecdbbb0 xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz f9a9222328fe88bf81f446ef8a77c066 xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz 99523a7eca2c145d269b65cbad18bf75 xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz
Slackware -current package: 8d6aa07b319d2aef7eabb667000828fc x/xorg-server-21.1.14-i686-1.txz c92414cd5b46a14cefe2207fa66b311d x/xorg-server-xephyr-21.1.14-i686-1.txz 67a0bcf3041c78cbd6a4971502fb6261 x/xorg-server-xnest-21.1.14-i686-1.txz 16dc00c9cb9bf872fc287319ade2abe4 x/xorg-server-xvfb-21.1.14-i686-1.txz 1622be5d7be614fd784519869a665e76 x/xorg-server-xwayland-24.1.4-i686-1.txz
Slackware x86_64 -current package: 7e36599b3810e2066afef71c5c6c7511 x/xorg-server-21.1.14-x86_64-1.txz 4347494b4a665a3d3b2901fe6340d28f x/xorg-server-xephyr-21.1.14-x86_64-1.txz 2490efadbfb293db40891f48068e1ce8 x/xorg-server-xnest-21.1.14-x86_64-1.txz 175fde9e0f27767bf96659b1ac3c0230 x/xorg-server-xvfb-21.1.14-x86_64-1.txz 91929af00bfe32aa554b2c06754cb792 x/xorg-server-xwayland-24.1.4-x86_64-1.txz

Severity
[slackware-security] xorg-server (SSA:2024-304-04)
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg xorg-server-*.txz

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved