X.org has issued an advisory today (December 14): https://lists.x.org/archives/xorg-announce/2022-December/003302.html Thierry noticed but forgot to file a bug again.
CC: (none) => thierry.vignaudStatus comment: (none) => Patches available from upstream
Ubuntu has issued an advisory for this today (December 14): https://ubuntu.com/security/notices/USN-5778-1
Severity: normal => major
Fedora has issued an advisory for this today (December 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
(In reply to David Walser from comment #2) > Fedora has issued an advisory for this today (December 16): > https://lists.fedoraproject.org/archives/list/package-announce@lists. > fedoraproject.org/thread/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ with a followup due to a buggy patch for CVE-2022-46340: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/
Blocks: (none) => 31386
Suggested advisory: ======================== The updated packages fix security vulnerabilities: X.Org Server XTestSwapFakeInput stack overflow. (CVE-2022-46340) X.Org Server XIPassiveUngrab out-of-bounds access. (CVE-2022-46341) X.Org Server XvdiSelectVideoNotify use-after-free. (CVE-2022-46342) X.Org Server ScreenSaverSetAttributes use-after-free. (CVE-2022-46343) X.Org Server XIChangeProperty out-of-bounds access. (CVE-2022-46344) X.Org Server XkbGetKbdByName use-after-free. (CVE-2022-4283) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46340 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46341 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46342 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46343 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46344 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4283 https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://ubuntu.com/security/notices/USN-5778-1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/ ======================== Updated packages in core/updates_testing: ======================== x11-server-1.20.14-4.1.mga8 x11-server-common-1.20.14-4.1.mga8 x11-server-devel-1.20.14-4.1.mga8 x11-server-source-1.20.14-4.1.mga8 x11-server-xdmx-1.20.14-4.1.mga8 x11-server-xephyr-1.20.14-4.1.mga8 x11-server-xnest-1.20.14-4.1.mga8 x11-server-xorg-1.20.14-4.1.mga8 x11-server-xvfb-1.20.14-4.1.mga8 x11-server-xwayland-1.20.14-4.1.mga8 from SRPM: x11-server-1.20.14-4.1.mga8.src.rpm
Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: tmb => qa-bugsStatus comment: Patches available from upstream => (none)
OK for me mga8-64, Plasma CPU: i7-3770, Kernel 5.15.82-desktop-1.mga8 GPU: GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. For my system: - x11-server-common-1.20.14-4.1.mga8.x86_64 - x11-server-xephyr-1.20.14-4.1.mga8.x86_64 - x11-server-xnest-1.20.14-4.1.mga8.x86_64 - x11-server-xorg-1.20.14-4.1.mga8.x86_64 - x11-server-xwayland-1.20.14-4.1.mga8.x86_64 rebooted, tried some normal apps: LibreOffice, Thunderbird, Firefox with video, VirtualBox with Win7 running Chrome with video. ...
CC: (none) => fri
mga8, x64 AMD Ryzen, Lucienne video card, renderer RENOIR, driver amdgpu. On this system only x11-server-commom x11-server-xorg x11-server-xwayland were installed. Installed the rest and then updated. Clean update. Rebooted to Mate. Desktop graphics OK, LO writer, Youtube in Firefox, vlc with MP4 file, virtualbox, eom image display. Logged out and logged into Cinnamon (software rendering). All good there as well. Darktable, emacs, Firefox... Looks OK.
CC: (none) => tarazed25
Installed and tested for two days without issues. Tested with normal workstation usage, video playback, 3D games, Steam, etc. Host System: Mageia 8, x86_64, Plasma, LXQt, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver. Guest System: QEMU/KVM, Mageia 8, x86_64, LXQt, PCI pass through GPU Radeon 6500 XT using amdgpu driver. ---- HOST SYSTEM ---- $ uname -a Linux jupiter 6.0.12-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Thu Dec 8 20:25:50 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep x11-server x11-server-xwayland-1.20.14-4.1.mga8 x11-server-common-1.20.14-4.1.mga8 x11-server-xorg-1.20.14-4.1.mga8 $ lspci 00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex 00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU 00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge 00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe GPP Bridge 00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge 00:02.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge 00:02.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge 00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge 00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus 00:08.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus 00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 51) 00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51) 00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 0 00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 1 00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 2 00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 3 00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 4 00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 5 00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 6 00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Cezanne Data Fabric; Function 7 01:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL Upstream Port of PCI Express Switch (rev c1) 02:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] Navi 10 XL Downstream Port of PCI Express Switch 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi 24 [Radeon RX 6400 / 6500 XT] (rev c1) 03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Navi 21/23 HDMI/DP Audio Controller 04:00.0 USB controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset USB 3.1 XHCI Controller (rev 01) 04:00.1 SATA controller: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset SATA Controller (rev 01) 04:00.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Bridge (rev 01) 05:00.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01) 05:01.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01) 05:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01) 05:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01) 05:07.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] 400 Series Chipset PCIe Port (rev 01) 06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 26) 0b:00.0 Non-Volatile memory controller: Kingston Technology Company, Inc. Device 500f (rev 03) 0c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Cezanne (rev c9) 0c:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Renoir Radeon High Definition Audio Controller 0c:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor 0c:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 0c:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1 0c:00.6 Audio device: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller 0d:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 81) ---- GUEST SYSTEM ---- $ uname -a Linux jupiter-vm-mageia-8 6.0.12-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Thu Dec 8 20:25:50 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep x11-server x11-server-xorg-1.20.14-4.1.mga8 x11-server-common-1.20.14-4.1.mga8 x11-server-xwayland-1.20.14-4.1.mga8 $ lspci 00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller 00:01.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:01.1 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:01.2 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.1 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.2 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.3 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.4 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.5 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.6 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:02.7 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:03.0 PCI bridge: Red Hat, Inc. QEMU PCIe Root port 00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03) 00:1f.0 ISA bridge: Intel Corporation 82801IB (ICH9) LPC Interface Controller (rev 02) 00:1f.2 SATA controller: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] (rev 02) 00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 02) 01:00.0 Keyboard controller: Red Hat, Inc. Virtio input (rev 01) 02:00.0 Input device controller: Red Hat, Inc. Virtio input (rev 01) 03:00.0 Unclassified device [0002]: Red Hat, Inc. Virtio filesystem (rev 01) 04:00.0 PCI bridge: Red Hat, Inc. Device 000e 05:01.0 SCSI storage controller: Broadcom / LSI 53c895a 06:00.0 Ethernet controller: Red Hat, Inc. Virtio network device (rev 01) 07:00.0 USB controller: Red Hat, Inc. QEMU XHCI Host Controller (rev 01) 08:00.0 Communication controller: Red Hat, Inc. Virtio console (rev 01) 09:00.0 SCSI storage controller: Red Hat, Inc. Virtio block device (rev 01) 0a:00.0 Unclassified device [00ff]: Red Hat, Inc. Virtio memory balloon (rev 01) 0b:00.0 Unclassified device [00ff]: Red Hat, Inc. Virtio RNG (rev 01) 0c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Navi 24 [Radeon RX 6400 / 6500 XT] (rev c1) 0d:00.0 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Navi 21/23 HDMI/DP Audio Controller
CC: (none) => mageia
MGA8-64 Plasma, i5-2500, Intel graphics, wired Internet. No installation issues. Been using it for a day and a half for normal workstation usage, with no issues.
CC: (none) => andrewsfarm
mga8, x64 Mate, 5.15.82-desktop-1.mga8, NVIDIA GP102 [GeForce GTX 1080 Ti] Updated the ten packages and logged out and in again. Desktop operating as before. Firefox, Falkon, Thunderbird, LO writer, stellarium, all running fine.
MGA8-64 MATE on Acer Aspire 5253 No installation issues. After installation rebooted into Xfce, tested website with video, mpg file, a few ther file types, all OK. Logged out and logged in again to MATE, and repeated the tests, all seems OK.
CC: (none) => herman.viaene
MGA8-64 Plasma on an HP Pavilion 15 N211dx, AMD A8-4555M APU with HD 7600G graphics, rtl8188EE wifi. No installation issues. Updated these packages, rebooted, took a quick look at a few apps with no issues noted. Then I updated to kernel-desktop 5.15.88-1, rebooted once more, and did more extensive activity. Again, no issues noted.
MGA8-32 on real 32-bit hardware, namely Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics, Atheros-based wifi, 32-bit Xfce system. No installation issues, and no regressions noticed trying this and that after a reboot. Giving this an OK on both arches, and validating. Advisory in comment 4.
CC: (none) => sysadmin-bugsWhiteboard: (none) => MGA8-32-OK MGA8-64-OKKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0012.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED