xorg-x11-server-Xwayland-23.2.7-6.el9_7
エラータID: AXSA:2026-543:02
リリース日:
2026/05/04 Monday - 19:30
題名:
xorg-x11-server-Xwayland-23.2.7-6.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、整数アンダーフローの問題があるため、ローカルの
攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-33999)
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2026-34001)
- X.org には、メモリ領域の範囲外読み取りの問題があるため、
ローカルの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-34003)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
追加情報:
N/A
ダウンロード:
SRPMS
- xorg-x11-server-Xwayland-23.2.7-6.el9_7.src.rpm
MD5: d9bec2b6025c3e12db041d2f8c22e37a
SHA-256: 7631f4f69dec5d2ec09551db6cfdaa8979adaab372e6fbd6f432ff13d435d814
Size: 1.28 MB
Asianux Server 9 for x86_64
- xorg-x11-server-Xwayland-23.2.7-6.el9_7.i686.rpm
MD5: 720d1ac1e64f9cd4074a34603defa1fb
SHA-256: 72ed728e3ceedf3af5565d6d9f6ca2579d9ed5c72f7e249182b79d990cc97ea7
Size: 1.01 MB - xorg-x11-server-Xwayland-23.2.7-6.el9_7.x86_64.rpm
MD5: 4aecb0aa955bab69802ef1839c62513c
SHA-256: f8debcf35c58c50d2274b2c52c78c526ea031012ff588d4f5252d0ef31f5a9cf
Size: 0.96 MB - xorg-x11-server-Xwayland-devel-23.2.7-6.el9_7.i686.rpm
MD5: b93047bf1848aeed5739fe1a3cfd1863
SHA-256: 4db13e2c982d7706d11dcb62fd4dce16fe1e36eec08617120f86857783cc91e7
Size: 8.58 kB - xorg-x11-server-Xwayland-devel-23.2.7-6.el9_7.x86_64.rpm
MD5: a17e421517e01f78af7956029d3c530a
SHA-256: b6b3e4fbacdf1c2b43e951639ec49294061119f38d544d4e52c065e52a708263
Size: 8.56 kB
English