| Summary: | x11-server, x11-server-xwayland and tigervnc new security issues CVE-2024-3108[013] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, herman.viaene, mageia, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | x11-server, x11-server-xwayland, tigervnc | CVE: | CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 |
| Status comment: | | | |

Description
Nicolas Salguero
2024-04-04 10:17:26 CEST
Nicolas Salguero
2024-04-04 10:18:14 CEST
CVE:
(none) =>
CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083

x11-server version 21.1.12 is already in Cauldron, thanks to Nicolas.
Version 23.2.5 of x11-server-xwayland likewise already there.
Nicolas has also already done the necessary tigervnc rebuild.
So Cauldron already sorted!
Assigning globally for the Mageia 9 updates.

Assignee:
bugsquad =>
pkg-bugs

CVE-2024-31082 only affects the Xquartz server for MacOS systems.

Version:
Cauldron =>
9

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Heap buffer overread/data leakage in ProcXIGetSelectedEvents. (CVE-2024-31080)

Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. (CVE-2024-31081)

Use-after-free in ProcRenderAddGlyphs. (CVE-2024-31083)

References:
https://www.openwall.com/lists/oss-security/2024/04/03/13
========================

Updated packages in core/updates_testing:
========================
x11-server-21.1.8-7.4.mga9
x11-server-common-21.1.8-7.4.mga9
x11-server-devel-21.1.8-7.4.mga9
x11-server-source-21.1.8-7.4.mga9
x11-server-xephyr-21.1.8-7.4.mga9
x11-server-xnest-21.1.8-7.4.mga9
x11-server-xorg-21.1.8-7.4.mga9
x11-server-xvfb-21.1.8-7.4.mga9
x11-server-xwayland-22.1.9-1.4.mga9
x11-server-xwayland-devel-22.1.9-1.4.mga9
tigervnc-1.13.1-2.4.mga9
tigervnc-java-1.13.1-2.4.mga9
tigervnc-server-1.13.1-2.4.mga9
tigervnc-server-module-1.13.1-2.4.mga9

from SRPMS:
x11-server-21.1.8-7.4.mga9.src.rpm
x11-server-xwayland-22.1.9-1.4.mga9.src.rpm
tigervnc-1.13.1-2.4.mga9.src.rpm

Status:
NEW =>
ASSIGNED
PC LX
2024-04-05 15:25:01 CEST
CC:
(none) =>
mageia
katnatek
2024-04-05 19:32:14 CEST
Keywords:
(none) =>
advisory

RH mageia 9 x86_64
These packages were updated without issues
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing x11-server-xorg-21.1.8-7.4.mga9.x86_64.rpm x11-server-common-21.1.8-7.4.mga9.x86_64.rpm x11-server-xwayland-22.1.9-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ######################################################################################
1/3: x11-server-common ######################################################################################
2/3: x11-server-xorg ######################################################################################
3/3: x11-server-xwayland ######################################################################################
1/3: removing x11-server-xwayland-22.1.9-1.3.mga9.x86_64
######################################################################################
2/3: removing x11-server-xorg-21.1.8-7.3.mga9.x86_64
######################################################################################
3/3: removing x11-server-common-21.1.8-7.3.mga9.x86_64
######################################################################################

RH mageia 9 x86_64
After reboot, test Plasma X11
No issues detected

RH mageia 9 x86_64
Plasma Wayland session
No issues detected

RH mageia 9 i586
Packages updated without issues
installing x11-server-common-21.1.8-7.4.mga9.i586.rpm x11-server-xorg-21.1.8-7.4.mga9.i586.rpm x11-server-xwayland-22.1.9-1.4.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing... ################################################################
1/3: x11-server-common ################################################################
2/3: x11-server-xorg ################################################################
3/3: x11-server-xwayland ################################################################
1/3: removing x11-server-xwayland-22.1.9-1.3.mga9.i586
################################################################
2/3: removing x11-server-xorg-21.1.8-7.3.mga9.i586
################################################################
3/3: removing x11-server-common-21.1.8-7.3.mga9.i586
################################################################
Reboot and start Plasma X11 session, no issues detected.
It would be good if someone tests tigervnc packages

MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
Rebooted after installation, logged in to Plasma Wayland, no ill effects on the laptop.
Now for the tiger stuff:
# systemctl start vncserver
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
Active: active (exited) since Wed 2024-04-10 15:15:36 CEST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 21928 ExecStart=/etc/rc.d/init.d/vncserver start (code=exited, status=0/SUCCESS)
CPU: 75ms
Apr 10 15:15:36 mach4.hviaene.thuis systemd[1]: Starting vncserver.service...
Apr 10 15:15:36 mach4.hviaene.thuis vncserver[21928]: Starting vncserver: [ OK ]
Apr 10 15:15:36 mach4.hviaene.thuis systemd[1]: Started vncserver.service.
and opened up port 5900/tcp
Then as normal user:
$ vncviewer
TigerVNC Viewer v1.13.1
Built on: 2024-04-05 06:22
Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.
Wed Apr 10 15:20:49 2024
DecodeManager: Detected 4 CPU core(s)
DecodeManager: Creating 4 decoder thread(s)
CConn: unable to connect to socket: Connection refused (111)
DecodeManager: Total: 0 rects, 0 pixels
DecodeManager: 0 B (1:-nan ratio)
The dialogue comes up, I enter my laptop name and get
unable to connect, connection refused.
In all the years I run Mageia, I've never been able to get around this, so I won't spend any further time on it.
I will not object to the OK when someone else drops in.

CC:
(none) =>
herman.viaene

MGA9-64, Xfce, Asus Laptop AMD A6-9225 RADEON R4 RTL8723BE Bluetooth
The following 3 packages are going to be installed:
- x11-server-common-21.1.8-7.4.mga9.x86_64
- x11-server-xorg-21.1.8-7.4.mga9.x86_64
- x11-server-xwayland-22.1.9-1.4.mga9.x86_64
136B of additional disk space will be used.
--- rebooted
Living with this for several days, no issues.

CC:
(none) =>
brtians1

MGA9-64 Plasma, i5-7500, Nvidia Quadro K620 (nvidia-current) graphics.
Updated the same packages as comment 9, used it yesterday afternoon and today, no issues to report.

CC:
(none) =>
andrewsfarm

TigerVNC testing
Server: Plasma desktop
The following 2 packages are going to be installed:
- tigervnc-server-1.13.1-2.4.mga9.x86_64
- tigervnc-server-module-1.13.1-2.4.mga9.x86_64
After install I run the utility to set up the access password for VNC
$ vncpasswd
--- follow the prompts
Make sure you open port 5900/tcp in your firewall if you are doing a true remote test.
next run server from command line:
$ x0vncserver -passwordfile ~/.vnc/passwd
Wed Apr 10 16:04:06 2024
Geometry: Desktop geometry is set to 1920x1080+0+0
XDesktop: Using evdev codemap
XDesktop:
XDesktop: XTest extension present - version 2.2
XDesktop: DAMAGE extension not present
XDesktop: Will have to poll screen for changes
Main: Listening for VNC connections on all interface(s), port 5900
FYI - get your server ip
---- now on client
Xfce
installed updates.
then run TigerVnc Viewer - I picked it from the menu
Enter IP when prompted
Enter Password you set up in vnc above
it is working as expected for me. (typed from client connected to the server).
Have fun

katnatek
2024-04-11 02:01:29 CEST
Whiteboard:
(none) =>
MGA9-64-OK

Validating.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0121.html

Status:
ASSIGNED =>
RESOLVED
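
To check a Mageia 9 host against the fixed package versions listed in the suggested advisory in this report, the following added example (not part of the original bug report or of Mageia's tooling) compares installed name-version-release strings with those versions. The sample input is constructed, the comparison is a simplified form of RPM's segment ordering (no epoch, tilde or caret handling), and `FIXED`, `rpmvercmp` and `outdated` are names chosen here.

```python
import re

# Fixed version-release per binary package, taken from the advisory in this report.
FIXED = {}
for names, evr in (
    ("x11-server x11-server-common x11-server-devel x11-server-source "
     "x11-server-xephyr x11-server-xnest x11-server-xorg x11-server-xvfb",
     "21.1.8-7.4.mga9"),
    ("x11-server-xwayland x11-server-xwayland-devel", "22.1.9-1.4.mga9"),
    ("tigervnc tigervnc-java tigervnc-server tigervnc-server-module",
     "1.13.1-2.4.mga9"),
):
    FIXED.update(dict.fromkeys(names.split(), evr))

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using RPM-style segment ordering (simplified:
    no epoch, tilde or caret handling)."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)             # 12 > 8, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(installed):
    """Return (name, installed, fixed) for packages older than the fix."""
    hits = []
    for line in installed:
        parts = line.strip().rsplit("-", 2)   # name-version-release
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, ver, rel = parts
        fver, frel = FIXED[name].split("-")
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            hits.append((name, f"{ver}-{rel}", FIXED[name]))
    return hits

# Constructed sample in the shape printed by
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE = """x11-server-common-21.1.8-7.3.mga9
x11-server-xorg-21.1.8-7.4.mga9
x11-server-xwayland-22.1.9-1.3.mga9
tigervnc-server-1.13.1-2.4.mga9
examplepkg-1.0-1.mga9""".splitlines()

if __name__ == "__main__":
    for name, have, need in outdated(SAMPLE):
        print(f"{name}: {have} is older than {need}")
```

An empty result means every listed package on the host is at or above the version in the advisory; packages not named in the advisory are ignored.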