Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3

For Cauldron, x11-server-xwayland is already at version 24.1.4.

Status comment: (none) => Fixed upstream in x11-server 21.1.14 and patch available from upstream
Source RPM: (none) => x11-server-21.1.13-4.mga10.src.rpm, x11-server-21.1.8-7.5.mga9.src.rpm, x11-server-xwayland-22.1.9-1.5.mga9.src.rpm, tigervnc
CVE: (none) => CVE-2024-9632
Whiteboard: (none) => MGA9TOO

Correction: x11-server
new version 21.1.14 for CVE-2024-9632 (mga#33710 - this bug)

x11-server-xwayland: david david
 new version: 24.1.4 very recent Oct 30 2024, so maybe that already covered.
tigervnc: looks like ns80 has already done something in the last few hours.

So assigning to DavidG for confirmation.

Assignee: bugsquad => geiger.david68210

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. (CVE-2024-9632)

References:
https://www.openwall.com/lists/oss-security/2024/10/29/2
========================

Updated packages in core/updates_testing:
========================
x11-server-21.1.8-7.6.mga9
x11-server-common-21.1.8-7.6.mga9
x11-server-devel-21.1.8-7.6.mga9
x11-server-source-21.1.8-7.6.mga9
x11-server-xephyr-21.1.8-7.6.mga9
x11-server-xnest-21.1.8-7.6.mga9
x11-server-xorg-21.1.8-7.6.mga9
x11-server-xvfb-21.1.8-7.6.mga9

x11-server-xwayland-22.1.9-1.6.mga9
x11-server-xwayland-devel-22.1.9-1.6.mga9

tigervnc-1.13.1-2.6.mga9
tigervnc-java-1.13.1-2.6.mga9
tigervnc-server-1.13.1-2.6.mga9
tigervnc-server-module-1.13.1-2.6.mga9

from SRPMS:
x11-server-21.1.8-7.6.mga9.src.rpm
x11-server-xwayland-22.1.9-1.6.mga9.src.rpm
tigervnc-1.13.1-2.6.mga9.src.rpm

Assignee: geiger.david68210 => qa-bugs
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status comment: Fixed upstream in x11-server 21.1.14 and patch available from upstream => (none)
Source RPM: x11-server-21.1.13-4.mga10.src.rpm, x11-server-21.1.8-7.5.mga9.src.rpm, x11-server-xwayland-22.1.9-1.5.mga9.src.rpm, tigervnc => x11-server-21.1.8-7.5.mga9.src.rpm, x11-server-xwayland-22.1.9-1.5.mga9.src.rpm, tigervnc-1.13.1-2.5.mga9.src.rpm
Status: NEW => ASSIGNED

RH x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Nonfree 32bit Updates (distrib37)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing x11-server-common-21.1.8-7.6.mga9.x86_64.rpm x11-server-xwayland-22.1.9-1.6.mga9.x86_64.rpm x11-server-xorg-21.1.8-7.6.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/3: x11-server-common     ##################################################################################################
      2/3: x11-server-xwayland   ##################################################################################################
      3/3: x11-server-xorg       ##################################################################################################
      1/3: removing x11-server-xorg-21.1.8-7.5.mga9.x86_64
                                 ##################################################################################################
      2/3: removing x11-server-xwayland-22.1.9-1.5.mga9.x86_64
                                 ##################################################################################################
      3/3: removing x11-server-common-21.1.8-7.5.mga9.x86_64

Reboot
Lxqt session OK

RH x86_64

Plasma Wayland session OK

mga9-32 OK, LXDE, radeon r300

Used while testing firefox and pipewire.
A few apps, browse some sites, listen to pod, checking bugzilla :)
suspend-resume, hibernate-resume.

This is also incl last mesa for which I found no bug yet but tested and list the versions here as I have the machine running anyway...
[ettan@localhost ~]$ rpm -qa --last|grep mesa
libmesaegl1-24.2.6-1.mga9.i586                ons  6 nov 2024 18:54:38
mesa-24.2.6-1.mga9.i586                       ons  6 nov 2024 18:54:30
libmesagl1-24.2.6-1.mga9.i586                 ons  6 nov 2024 18:54:30
libmesavulkan-drivers-24.2.6-1.mga9.i586      ons  6 nov 2024 18:54:29
libmesaglu1-9.0.2-3.mga9.i586                 ons 31 jul 2024 23:23:05


[ettan@localhost ~]$ inxi -SMCG
System:
  Host: localhost Kernel: 6.6.58-desktop-2.mga9 arch: i686 bits: 32
    Desktop: LXDE v: 0.10.2.r1 Distro: Mageia 9
Machine:
  Type: Laptop System: IBM product: 2668R1G v: ThinkPad T43
    serial: <superuser required>
  Mobo: IBM model: 2668R1G serial: <superuser required> BIOS: IBM
    v: 1YET62WW (1.27 ) date: 05/18/2006
CPU:
  Info: single core model: Intel Pentium M bits: 32 cache: 2 MiB note: check
  Speed (MHz): 800 min/max: 800/1866 core: 1: 800
Graphics:
  Device-1: AMD RV370/M22 [Mobility Radeon X300] driver: radeon v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: radeon,v4l dri: r300 gpu: radeon resolution: 1024x768~60Hz
  API: OpenGL v: 2.1 Mesa 24.2.6 renderer: ATI RV370

CC: (none) => fri

mga9-64 OK Thinkpad T510

Plasma, SDDM, using Firefox with video and some other apps
desktop and linus kernels 6.6.58-2
suspend and hibernate OK.

Sidenote: when trying also with mesa from *testing* (no bug opened yet), SDDM gets garbled and I also experienced a hang in SDDM. Used desktop and linus kernels 
  After downgrading back to mesa-24.2.5-1 all is OK.


$ inxi -SMCG
System:
  Host: localhost Kernel: 6.6.58-2.mga9 arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Laptop System: LENOVO product: 4349A13 v: ThinkPad T510
    serial: <superuser required>
  Mobo: LENOVO model: 4349A13 serial: <superuser required> BIOS: LENOVO
    v: 6MET92WW (1.52 ) date: 09/26/2012
CPU:
  Info: dual core model: Intel Core i5 M 540 bits: 64 type: MT MCP cache:
    L2: 512 KiB
  Speed (MHz): avg: 1576 min/max: 1199/2534 cores: 1: 1375 2: 1197 3: 1199
    4: 2534
Graphics:
  Device-1: NVIDIA GT218M [NVS 3100M] driver: nouveau v: kernel
  Device-2: Lenovo Integrated Webcam [R5U877] type: USB driver: uvcvideo
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: modesetting,v4l dri: nouveau gpu: nouveau resolution: 1920x1080~60Hz
  API: OpenGL v: 3.3 Mesa 24.2.5 renderer: NVA8

mga9-64 OK Thinkpad T510


Plasma, SDDM, using Firefox with video and some other apps
desktop kernel 6.6.58-2
suspend and hibernate OK.

Sidenote: successfully using mesa-24.2.6-1.mga9.tainted from *testing*


[morgan@republic ~]$ inxi -SMCG
System:
  Host: republic.tribun Kernel: 6.6.58-desktop-2.mga9 arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Laptop System: ASUSTeK product: G75VW v: 1.0
    serial: <superuser required>
  Mobo: ASUSTeK model: G75VW v: 1.0 serial: <superuser required>
    UEFI: American Megatrends v: G75VW.223 date: 01/07/2013
CPU:
  Info: quad core model: Intel Core i7-3610QM bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1204 min/max: 1200/3300 cores: 1: 1239 2: 1197 3: 1200
    4: 1200 5: 1200 6: 1197 7: 1200 8: 1200
Graphics:
  Device-1: NVIDIA GK107M [GeForce GTX 660M] driver: nouveau v: kernel
  Device-2: Sunplus Innovation ASUS Webcam type: USB driver: uvcvideo
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: modesetting,v4l dri: nouveau gpu: nouveau resolution: 1920x1080~60Hz
  API: OpenGL v: 4.3 Mesa 24.2.6 renderer: NVE7

(In reply to Morgan Leijström from comment #8)

>  Thinkpad T510

copy-pasted too much from c7, c8 that is for my ASUS G75V

> Sidenote: successfully using mesa-24.2.6-1.mga9.tainted from *testing*

Note it is not to be tested, Giuseppe mailed me coming 24.2.7 probably is.

----

mga9-64 OK my workstation svarten:

server kernel 6.6.58-2

Plasma, SDDM
Firefox with video, thunderbird, okular, libreoffice...
VirtualBox with MSW7 guest with Firefox playing video

suspend and hibernate OK.


[morgan@svarten ~]$ inxi -SMCG
System:
  Host: svarten.tribun Kernel: 6.6.58-server-2.mga9 arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
CPU:
  Info: dual core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 512 KiB
  Speed (MHz): avg: 3460 min/max: 1200/2934 cores: 1: 3464 2: 3411 3: 3451
    4: 3514
Graphics:
  Device-1: AMD Navi 24 [Radeon RX 6400/6500 XT/6500M] driver: amdgpu
    v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: OpenGL v: 4.6 Mesa 24.2.5 renderer: AMD Radeon RX 6400 (radeonsi
    navi24 LLVM 15.0.6 DRM 3.54 6.6.58-server-2.mga9)

MGA9-64, Xfce, AMD APU

x11-server

No issues after update of server and reboot.  Using it a few hours.  I'll have to take some hours and set up tigervnc.  Probably not until this weekend.

CC: (none) => brtians1

The x11-server is looking good here.

$ inxi -SMCG
System:
  Host: localhost Kernel: 6.6.58-desktop-2.mga9 arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASUSTeK model: PRIME Q270M-C v: Rev X.0x
    serial: <superuser required> UEFI: American Megatrends v: 2201
    date: 12/21/2023
CPU:
  Info: quad core model: Intel Core i5-7500 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 800 min/max: 800/3800 cores: 1: 800 2: 800 3: 800 4: 800
Graphics:
  Device-1: NVIDIA GM107GL [Quadro K620] driver: nvidia v: 550.120
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: nvidia,v4l gpu: nvidia,nvidia-nvswitch resolution: 1920x1080~60Hz
  API: OpenGL v: 4.6.0 NVIDIA 550.120 renderer: Quadro K620/PCIe/SSE2

CC: (none) => andrewsfarm

RH i586

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "BDK-Free-i586" is up-to-date
medium "BDK-Free-noarch" is up-to-date
medium "BDK-NonFree-i586" is up-to-date

installing x11-server-xwayland-22.1.9-1.6.mga9.i586.rpm x11-server-common-21.1.8-7.6.mga9.i586.rpm x11-server-xorg-21.1.8-7.6.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/3: x11-server-common     #######################################################################################
      2/3: x11-server-xwayland   #######################################################################################
      3/3: x11-server-xorg       #######################################################################################
      1/3: removing x11-server-xorg-21.1.8-7.5.mga9.i586
                                 #######################################################################################
      2/3: removing x11-server-xwayland-22.1.9-1.5.mga9.i586
                                 #######################################################################################
      3/3: removing x11-server-common-21.1.8-7.5.mga9.i586
                                 #######################################################################################

Reboot
Session start

We need test about tigervnc, PC LX can you please take care of that?

Tigervnc testing


$ vncpasswd

--- follow the prompts

Make sure you open port 5900/tcp in your firewall if you are doing a true remote test.

next run server from command line:

$ x0vncserver -passwordfile ~/.vnc/passwd

---



installed updates.

then run TigerVnc Viewer - I picked it from the menu
Enter IP when prompted
Enter Password you set up in vnc above

installed client.  I am able to connect, but the system does not refresh pages properly. 


I'd say this is a fail.  Will test on another client.

older client that worked in another test.  Same issue.  So that particular server agent doesn't retransmit.

Someone else please test as I doubt they use this server agent much.

okay back to new client.  On server, I switched to ICEDWM DE.

Now it renders correctly.

Giving this an okay.

Whiteboard: (none) => MGA9-64-OK

Validating.

Keywords: (none) => validated_update
Whiteboard: MGA9-64-OK => MGA9-64-OK MGA9-32-OK
CC: (none) => sysadmin-bugs

This package was pushed today but for some reason this bug wasn't automatically closed.

CC: (none) => dan
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0357.html