SB2024072105 - openEuler 22.03 LTS SP4 update for xorg-x11-server-xwayland
Published: July 21, 2024
Security Bulletin ID
SB2024072105
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2022-2320)
The vulnerability allows a local user to escalate privileges on the system.The vulnerability exists due to a boundary error within the ProcXkbSetDeviceInfo request handler of the Xkb extension. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
2) Denial of service (CVE-ID: CVE-2016-2848)
The vulnerability allows a remote unauthenticated user to perform DoS attack on the targete system.The weakness is due to insuffcient handling of options data in an OPT resource record. By sending a specially crafted DNS packet, attackers can trigger the named service to crash.
Successful exploitation of the vulnerability leads to denial of service on the vulnarable system.
Remediation
Install update from vendor's website.