Bug 33058 - x11-server, x11-server-xwayland and tigervnc new security issues CVE-2024-3108[013]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-04-04 10:17 CEST by Nicolas Salguero
Modified: 2024-04-12 01:59 CEST

See Also:
Source RPM: x11-server, x11-server-xwayland, tigervnc
CVE: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
Status comment:



Description Nicolas Salguero 2024-04-04 10:17:26 CEST
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/04/03/13

They are fixed in xorg-server 21.1.12 and xwayland 23.2.5 or with the commits provided in the link above.

As usual, tigervnc will need a rebuild to include the fixes from the package x11-server-source, once xorg-server is patched (for Mageia 9) or updated (for Cauldron).
Nicolas Salguero 2024-04-04 10:18:14 CEST

CVE: (none) => CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Source RPM: (none) => x11-server, x11-server-xwayland, tigervnc
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in xorg-server 21.1.12 and xwayland 23.2.5 and patches available from upsteam

Comment 1 Lewis Smith 2024-04-04 21:36:43 CEST
x11-server version 21.1.12 is already in Cauldron, thanks to Nicolas.
version 23.2.5 of x11-server-xwayland likewise already there.
Nicolas has also already done the necessary tigervnc rebuild.

So Cauldron already sorted!
Assigning globally for the Mageia 9 updates.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-04-05 09:08:20 CEST
CVE-2024-31082 only affects the Xquartz server for MacOS systems.

Version: Cauldron => 9
CVE: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 => CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
Status comment: Fixed upstream in xorg-server 21.1.12 and xwayland 23.2.5 and patches available from upsteam => (none)
Summary: x11-server, x11-server-xwayland and tigervnc new security issues CVE-2024-3108[0-3] => x11-server, x11-server-xwayland and tigervnc new security issues CVE-2024-3108[013]
Whiteboard: MGA9TOO => (none)

Comment 3 Nicolas Salguero 2024-04-05 09:18:23 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Heap buffer overread/data leakage in ProcXIGetSelectedEvents. (CVE-2024-31080)

Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. (CVE-2024-31081)

Use-after-free in ProcRenderAddGlyphs. (CVE-2024-31083)

References:
https://www.openwall.com/lists/oss-security/2024/04/03/13
========================

Updated packages in core/updates_testing:
========================
x11-server-21.1.8-7.4.mga9
x11-server-common-21.1.8-7.4.mga9
x11-server-devel-21.1.8-7.4.mga9
x11-server-source-21.1.8-7.4.mga9
x11-server-xephyr-21.1.8-7.4.mga9
x11-server-xnest-21.1.8-7.4.mga9
x11-server-xorg-21.1.8-7.4.mga9
x11-server-xvfb-21.1.8-7.4.mga9

x11-server-xwayland-22.1.9-1.4.mga9
x11-server-xwayland-devel-22.1.9-1.4.mga9

tigervnc-1.13.1-2.4.mga9
tigervnc-java-1.13.1-2.4.mga9
tigervnc-server-1.13.1-2.4.mga9
tigervnc-server-module-1.13.1-2.4.mga9

from SRPMS:
x11-server-21.1.8-7.4.mga9.src.rpm
x11-server-xwayland-22.1.9-1.4.mga9.src.rpm
tigervnc-1.13.1-2.4.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
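
Added example, not part of the bug report or of Mageia's tooling: a check that flags hosts still running builds older than the fixed ones listed in comment 3. The version comparison is a simplified rpm-style compare and assumes no epoch change; the sample input and the names vercmp, evr_cmp and audit are constructed for illustration.

```python
import re

# Fixed builds from the "Updated packages" list in comment 3 of this bug.
FIXED_BUILDS = {
    "21.1.8-7.4.mga9": "x11-server x11-server-common x11-server-devel x11-server-source "
                       "x11-server-xephyr x11-server-xnest x11-server-xorg x11-server-xvfb",
    "22.1.9-1.4.mga9": "x11-server-xwayland x11-server-xwayland-devel",
    "1.13.1-2.4.mga9": "tigervnc tigervnc-java tigervnc-server tigervnc-server-module",
}
FIXED = {name: evr for evr, names in FIXED_BUILDS.items() for name in names.split()}

def vercmp(a, b):
    """Simplified rpm-style compare (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def evr_cmp(a, b):
    """Compare 'version-release' strings: version decides first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_lines):
    """Return {package: installed build} for listed packages older than the fixed build."""
    stale = {}
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED and evr_cmp(parts[1], FIXED[parts[0]]) < 0:
            stale[parts[0]] = parts[1]
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
x11-server-common 21.1.8-7.4.mga9
x11-server-xorg 21.1.8-7.3.mga9
x11-server-xwayland 22.1.9-1.4.mga9
tigervnc-server 1.13.1-2.3.mga9
bash 5.2.15-1.mga9
"""

if __name__ == "__main__":
    for name, build in audit(SAMPLE).items():
        print(f"{name}: {build} is older than fixed build {FIXED[name]}")
```

On a real host, feed audit() the output of the rpm query shown in the comment above SAMPLE; an empty result means every listed package is at or past the fixed build.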

PC LX 2024-04-05 15:25:01 CEST

CC: (none) => mageia

katnatek 2024-04-05 19:32:14 CEST

Keywords: (none) => advisory

Comment 4 katnatek 2024-04-06 01:39:56 CEST
RH mageia 9 x86_64

These packages were updated without issues

LC_ALL=C urpmi --auto --auto-update 
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing x11-server-xorg-21.1.8-7.4.mga9.x86_64.rpm x11-server-common-21.1.8-7.4.mga9.x86_64.rpm x11-server-xwayland-22.1.9-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ######################################################################################
      1/3: x11-server-common     ######################################################################################
      2/3: x11-server-xorg       ######################################################################################
      3/3: x11-server-xwayland   ######################################################################################
      1/3: removing x11-server-xwayland-22.1.9-1.3.mga9.x86_64
                                 ######################################################################################
      2/3: removing x11-server-xorg-21.1.8-7.3.mga9.x86_64
                                 ######################################################################################
      3/3: removing x11-server-common-21.1.8-7.3.mga9.x86_64
                                 ######################################################################################
Comment 5 katnatek 2024-04-06 03:04:33 CEST
RH mageia 9 x86_64

After reboot, test Plasma X11

No issues detected
Comment 6 katnatek 2024-04-06 20:41:41 CEST
RH mageia 9 x86_64

Plasma Wayland session

No issues detected
Comment 7 katnatek 2024-04-08 21:45:19 CEST
RH mageia 9 i586

Packages updated without issues

installing x11-server-common-21.1.8-7.4.mga9.i586.rpm x11-server-xorg-21.1.8-7.4.mga9.i586.rpm x11-server-xwayland-22.1.9-1.4.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     ################################################################
      1/3: x11-server-common     ################################################################
      2/3: x11-server-xorg       ################################################################
      3/3: x11-server-xwayland   ################################################################
      1/3: removing x11-server-xwayland-22.1.9-1.3.mga9.i586
                                 ################################################################
      2/3: removing x11-server-xorg-21.1.8-7.3.mga9.i586
                                 ################################################################
      3/3: removing x11-server-common-21.1.8-7.3.mga9.i586
                                 ################################################################

Reboot and start Plasma X11 session, no issues detected.

It would be good if someone tested the tigervnc packages
Comment 8 Herman Viaene 2024-04-10 15:30:37 CEST
MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
Rebooted after installation, logged in to Plasma Wayland, no ill effects on the laptop.
Now for the tiger stuff:
# systemctl  start vncserver
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
     Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
     Active: active (exited) since Wed 2024-04-10 15:15:36 CEST; 3s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 21928 ExecStart=/etc/rc.d/init.d/vncserver start (code=exited, status=0/SUCCESS)
        CPU: 75ms

Apr 10 15:15:36 mach4.hviaene.thuis systemd[1]: Starting vncserver.service...
Apr 10 15:15:36 mach4.hviaene.thuis vncserver[21928]: Starting vncserver: [  OK  ]
Apr 10 15:15:36 mach4.hviaene.thuis systemd[1]: Started vncserver.service.
and opened up port 5900/tcp
Then as normal user:
$ vncviewer 

TigerVNC Viewer v1.13.1
Built on: 2024-04-05 06:22
Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.

Wed Apr 10 15:20:49 2024
 DecodeManager: Detected 4 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 CConn:       unable to connect to socket: Connection refused (111)
 DecodeManager:   Total: 0 rects, 0 pixels
 DecodeManager:          0 B (1:-nan ratio)
The dialogue comes up, I enter my laptop name and get 
unable to connect, connection refused.
In all the years I run Mageia, I've never been able to get around this, so I won't spend any further time on it.
I will not object to the OK when someone else drops in.

CC: (none) => herman.viaene

Comment 9 Brian Rockwell 2024-04-10 15:53:48 CEST
MGA9-64, Xfce, Asus Laptop

AMD A6-9225 RADEON R4
RTL8723BE 
Bluetooth

The following 3 packages are going to be installed:

- x11-server-common-21.1.8-7.4.mga9.x86_64
- x11-server-xorg-21.1.8-7.4.mga9.x86_64
- x11-server-xwayland-22.1.9-1.4.mga9.x86_64

136B of additional disk space will be used.

--- rebooted

Living with this for several days, no issues.

CC: (none) => brtians1

Comment 10 Thomas Andrews 2024-04-10 17:20:48 CEST
MGA9-64 Plasma, i5-7500, Nvidia Quadro K620 (nvidia-current) graphics.

Updated the same packages as comment 9, used it yesterday afternoon and today, no issues to report.

CC: (none) => andrewsfarm

Comment 11 Brian Rockwell 2024-04-10 23:22:35 CEST
TigerVNC testing

Server:  Plasma desktop

The following 2 packages are going to be installed:

- tigervnc-server-1.13.1-2.4.mga9.x86_64
- tigervnc-server-module-1.13.1-2.4.mga9.x86_64



After install

I run the utility to set up the access password for VNC

$ vncpasswd

--- follow the prompts

Make sure you open port 5900/tcp in your firewall if you are doing a true remote test.

next run server from command line:

$ x0vncserver -passwordfile ~/.vnc/passwd

Wed Apr 10 16:04:06 2024
 Geometry:    Desktop geometry is set to 1920x1080+0+0
 XDesktop:    Using evdev codemap
 XDesktop:    
 XDesktop:    XTest extension present - version 2.2
 XDesktop:    DAMAGE extension not present
 XDesktop:    Will have to poll screen for changes
 Main:        Listening for VNC connections on all interface(s), port 5900

FYI - get your server ip


---- now on client

Xfce

installed updates.

then run TigerVnc Viewer - I picked it from the menu
Enter IP when prompted
Enter Password you set up in vnc above

it is working as expected for me.

(typed from client connected to the server).  

Have fun
katnatek 2024-04-11 02:01:29 CEST

Whiteboard: (none) => MGA9-64-OK

Comment 12 Thomas Andrews 2024-04-12 00:59:07 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 13 Mageia Robot 2024-04-12 01:59:33 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0121.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

