Peter Hutterer

**Name of the Vulnerable Software and Affected Versions** X.Org X server (affected versions not specified) Xwayland (affected versions not specified) **Description** An out-of-bounds write flaw exists in the X.Org X server and Xwayland within the `DRIGetBuffers()` and `DRIGetBuffersWithFormat()` functions. A client can trigger an out-of-bounds heap write by requesting multiple `DRI2BufferBackLeft` attachments and one `DRI2BufferFrontLeft`. This condition may lead to a server crash or privilege escalation if the X server is running with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xorg-x11-server (affected versions not specified) **Description** A flaw was found in xorg-server, related to the handling of XKB button actions, which can result in out-of-bounds memory reads and writes when querying or changing these actions, such as moving from a touchpad to a mouse. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xorg-server (affected versions not specified) **Description** A flaw was found in xorg-server, where a specially crafted request to `RRChangeProviderProperty` or `RRChangeOutputProperty` can trigger an integer overflow, potentially leading to the disclosure of sensitive information. This issue may allow a remote attacker to exploit the vulnerability and disclose confidential information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** X.org Server (affected versions not specified) **Description** A critical vulnerability was found in X.org Server, affecting the ` GetCountedString` function of the `xkb/xkb.c` file. The manipulation leads to a buffer overflow. This issue can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. **Recommendations** To fix this issue, it is recommended to apply a patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** X.Org X server versions prior to 1.13.4 X.Org X server versions 1.4.x prior to 1.14.1 xorg-server versions prior to 1.14.3-r2 **Description** The issue is related to the X.Org X server, which does not properly restrict access to input events when adding a new hot-plug device. This might allow physically proximate attackers to obtain sensitive information, such as reading passwords from a tty. Multiple vulnerabilities in the xorg-server package may lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. **Recommendations** For X.Org X server versions prior to 1.13.4, update to version 1.13.4 or later. For X.Org X server versions 1.4.x prior to 1.14.1, update to version 1.14.1 or later. For xorg-server versions prior to 1.14.3-r2, update to version 1.14.3-r2 or later.