Upstream has issued an advisory today (December 14): https://lists.x.org/archives/xorg-announce/2021-December/003122.html The issues are fixed upstream in x11-server 21.1.2 (not yet released) and XWayland 21.1.4: https://lists.x.org/archives/xorg-announce/2021-December/003123.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 21.1.2 and 21.1.4
Ubuntu has issued an advisory for this today (December 14): https://ubuntu.com/security/notices/USN-5193-1
Severity: normal => major
x11-server 21.1.2 and 1.20.14 have been released, fixing this: https://lists.x.org/archives/xorg-announce/2021-December/003125.html https://lists.x.org/archives/xorg-announce/2021-December/003124.html tmb has updated Cauldron (not xwayland yet though).
Name : x11-server-xwayland Relocations: (not relocatable) Version : 21.1.4 Vendor: Mageia.Org Release : 1.mga9 Build Date: Tue 14 Dec 2021 10:06:10 PM CET
(In reply to Thomas Backlund from comment #3)
> Name : x11-server-xwayland Relocations: (not relocatable)
> Version : 21.1.4 Vendor: Mageia.Org
> Release : 1.mga9 Build Date: Tue 14 Dec 2021 10:06:10 PM CET

O_O. I don't see that on pkgsubmit, but I do see it on the mirrors. How'd that happen?
Status comment: Fixed upstream in 21.1.2 and 21.1.4 => Fixed upstream in xorg server 1.20.14 and 21.1.2 and xwayland 21.1.4
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
xwayland isn't a separate SRPM on Mageia 8. xorg server 1.20.14 uploaded for Mageia 8 by tmb.

x11-server-source-1.20.14-1.mga8
x11-server-xorg-1.20.14-1.mga8
x11-server-xephyr-1.20.14-1.mga8
x11-server-xwayland-1.20.14-1.mga8
x11-server-xdmx-1.20.14-1.mga8
x11-server-xvfb-1.20.14-1.mga8
x11-server-xnest-1.20.14-1.mga8
x11-server-1.20.14-1.mga8
x11-server-common-1.20.14-1.mga8
x11-server-devel-1.20.14-1.mga8

from x11-server-1.20.14-1.mga8.src.rpm
Source RPM: x11-server-21.1.1-4.mga9.src.rpm, x11-server-xwayland-21.1.3-1.mga9.src.rpm => x11-server-1.20.12-1.mga8.src.rpm
Status comment: Fixed upstream in xorg server 1.20.14 and 21.1.2 and xwayland 21.1.4 => (none)
Assignee: tmb => qa-bugs
MGA8-64 Plasma on Lenovo B50 in Dutch.
No installation issues. Rebooted after installation, running now for 3 hours, no ill effects noted.
Note: I didn't search very thoroughly, but I did not find an easy way to configure the system to run wayland.
CC: (none) => herman.viaene
Advisory, added to svn:

type: security
subject: Updated x11-server packages fix security vulnerabilities
CVE:
 - CVE-2021-4008
 - CVE-2021-4009
 - CVE-2021-4010
 - CVE-2021-4011
src:
  8:
   core:
     - x11-server-1.20.14-1.mga8
description: |
  Updated x11-server packages fix security vulnerabilities:

  The handler for the CompositeGlyphs request of the Render extension does
  not properly validate the request length leading to out of bounds memory
  write (CVE-2021-4008).

  The handler for the CreatePointerBarrier request of the XFixes extension
  does not properly validate the request length leading to out of bounds
  memory write (CVE-2021-4009).

  The handler for the Suspend request of the Screen Saver extension does not
  properly validate the request length leading to out of bounds memory write
  (CVE-2021-4010).

  The handlers for the RecordCreateContext and RecordRegisterClients requests
  of the Record extension do not properly validate the request length leading
  to out of bounds memory write (CVE-2021-4011).

  All of these issues can lead to local privileges elevation on systems where
  the X server is running privileged and remote code execution for ssh X
  forwarding sessions.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29767
 - https://lists.x.org/archives/xorg-announce/2021-December/003124.html
Keywords: (none) => advisory
OK here mga8-64, Plasma, Nvidia-current, 4k screen
Tested together with kernel-desktop-5.15.6-2, then with added updates of the mesa libdrm Bug 29782, and then also with kernel updated to kernel-desktop-5.15.10-1.
Normal desktop apps, videos in browser, VirtualBox with MSW7 client.
Not tested: wayland
CC: (none) => fri
Fedora has issued advisories for this today (December 19): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/
Running Gnome on Wayland here for the last ~2,5 days without issues...
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0573.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
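
A version check against the fixed releases named in this report (xorg server 1.20.14 and 21.1.2, xwayland 21.1.4), as an added example that is not part of the bug report or of Mageia's tooling. The function names and the sample inventory are constructed for illustration, and the comparison assumes GNU `sort -V` on plain dotted versions.

```shell
#!/bin/sh
# Added example: flag x11-server builds older than the fixed versions in this report.
# ver_lt A B: true when dotted version A sorts strictly before B (needs GNU sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_for NAME VERSION: first fixed upstream version for that release branch.
fixed_for() {
    case "$2" in
        1.20.*) echo 1.20.14 ;;
        21.1.*)
            case "$1" in
                x11-server-xwayland) echo 21.1.4 ;;  # standalone XWayland
                *) echo 21.1.2 ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# audit_x11_server: reads "name version" lines on stdin; returns 1 when any
# x11-server package is below its fixed version or on an unrecognised branch.
audit_x11_server() {
    rc=0
    while read -r name ver; do
        case "$name" in
            x11-server|x11-server-*) ;;
            *) continue ;;
        esac
        fixed=$(fixed_for "$name" "$ver")
        if [ "$fixed" = unknown ]; then
            echo "UNKNOWN $name $ver (check manually)"; rc=1
        elif ver_lt "$ver" "$fixed"; then
            echo "VULNERABLE $name $ver (fixed in $fixed)"; rc=1
        else
            echo "OK $name $ver"
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not from a real host).
sample_inventory() {
    printf '%s\n' 'x11-server-xorg 1.20.12' 'x11-server-xwayland 21.1.3' \
        'x11-server-common 1.20.14' 'bash 5.1.4'
}
# Try: sample_inventory | audit_x11_server
# Live: rpm -qa --qf '%{NAME} %{VERSION}\n' 'x11-server*' | audit_x11_server
```

Branches other than 1.20.x and 21.1.x are reported as UNKNOWN and fail the check, since the report names fixed versions only for those two.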