Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

X.Org X server, XWayland: Multiple Vulnerabilities — GLSA 202305-30

Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.

Affected packages

Package x11-base/xorg-server on all architectures
Affected versions < 21.1.8
Unaffected versions >= 21.1.8
Package x11-base/xwayland on all architectures
Affected versions < 23.1.1
Unaffected versions >= 23.1.1

Background

The X Window System is a graphical windowing system based on a client/server model.

Description

Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All X.Org X server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"

All XWayland users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"

References

Release date
May 30, 2023

Latest revision
May 30, 2023: 1

Severity
high

Exploitable
remote

Bugzilla entries