Bug 30628 - x11-server security issues CVE-2022-2319 and CVE-2022-2320
Summary: x11-server security issues CVE-2022-2319 and CVE-2022-2320
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-07-12 17:06 CEST by Thomas Backlund
Modified: 2022-07-13 15:10 CEST (History)
3 users (show)

See Also:
Source RPM: x11-server
CVE:
Status comment:


Attachments

Description Thomas Backlund 2022-07-12 17:06:17 CEST
security fixes, ref:
https://lists.x.org/archives/xorg/2022-July/061035.html


SRPMS:
x11-server-1.20.14-3.mga8.src.rpm


i586:
x11-server-common-1.20.14-3.mga8.i586.rpm
x11-server-devel-1.20.14-3.mga8.i586.rpm
x11-server-source-1.20.14-3.mga8.noarch.rpm
x11-server-xdmx-1.20.14-3.mga8.i586.rpm
x11-server-xephyr-1.20.14-3.mga8.i586.rpm
x11-server-xnest-1.20.14-3.mga8.i586.rpm
x11-server-xorg-1.20.14-3.mga8.i586.rpm
x11-server-xvfb-1.20.14-3.mga8.i586.rpm
x11-server-xwayland-1.20.14-3.mga8.i586.rpm


x86_64:
x11-server-1.20.14-3.mga8.x86_64.rpm
x11-server-common-1.20.14-3.mga8.x86_64.rpm
x11-server-devel-1.20.14-3.mga8.x86_64.rpm
x11-server-source-1.20.14-3.mga8.noarch.rpm
x11-server-xdmx-1.20.14-3.mga8.x86_64.rpm
x11-server-xephyr-1.20.14-3.mga8.x86_64.rpm
x11-server-xnest-1.20.14-3.mga8.x86_64.rpm
x11-server-xorg-1.20.14-3.mga8.x86_64.rpm
x11-server-xvfb-1.20.14-3.mga8.x86_64.rpm
x11-server-xwayland-1.20.14-3.mga8.x86_64.rpm
Comment 1 Morgan Leijström 2022-07-12 19:52:00 CEST
mga8-64, Plasma, nvidia-current: No issues noted.

Machine: CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750]; GeForce 635 series and later, 4k display.  

Installed:
- x11-server-common-1.20.14-3.mga8.x86_64
- x11-server-xephyr-1.20.14-3.mga8.x86_64
- x11-server-xnest-1.20.14-3.mga8.x86_64
- x11-server-xorg-1.20.14-3.mga8.x86_64
- x11-server-xwayland-1.20.14-3.mga8.x86_64

(System did not and do not have package x11-server)

__Tested OK:
Clean update 
Rebooted, kernel 5.15.50-desktop-1
Nothing outstanding in system journal
Normal desktop apps
Video in Firefox
Virutalbox guest: Windows 7 With Firefox playing video, resizing guest window.

CC: (none) => fri

Comment 2 Dave Hodgins 2022-07-12 20:09:39 CEST
No regressions noticed in my x86_64 on real hardware, or in vb. Also no
regressions noticed in my aarch64 (rpi 4b) system.

CC: (none) => davidwhodgins

Comment 3 Dave Hodgins 2022-07-13 03:55:58 CEST
Validating the update. Advisory committed to svn.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2022-07-13 09:26:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0256.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 5 David Walser 2022-07-13 15:10:59 CEST
Ubuntu has issued an advisory for this on July 12:
https://ubuntu.com/security/notices/USN-5510-1

Note You need to log in before you can comment on or make changes to this bug.