{"id":"MGASA-2021-0573","summary":"Updated x11-server packages fix security vulnerabilities","details":"Updated x11-server packages fix security vulnerabilities:\n\nThe handler for the CompositeGlyphs request of the Render extension does\nnot properly validate the request length leading to out of bounds memory\nwrite (CVE-2021-4008).\n\nThe handler for the CreatePointerBarrier request of the XFixes extension\ndoes not properly validate the request length leading to out of bounds\nmemory write (CVE-2021-4009).\n\nThe handler for the Suspend request of the Screen Saver extension does\nnot properly validate the request length leading to out of bounds memory\nwrite (CVE-2021-4010).\n\nThe handlers for the RecordCreateContext and RecordRegisterClients\nrequests of the Record extension do not properly validate the request\nlength leading to out of bounds memory write (CVE-2021-4011).\n\nAll of these issues can lead to local privileges elevation on systems\nwhere the X server is running privileged and remote code execution for\nssh X forwarding sessions.\n","modified":"2026-04-16T04:42:24.641218279Z","published":"2021-12-21T23:27:37Z","upstream":["CVE-2021-4008","CVE-2021-4009","CVE-2021-4010","CVE-2021-4011"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0573.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29767"},{"type":"WEB","url":"https://lists.x.org/archives/xorg-announce/2021-December/003124.html"}],"affected":[{"package":{"name":"x11-server","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.14-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0573.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}