安全公告/【CVE-2023-5367】

基本信息

漏洞名称:
受影响操作系统:红旗Asianux服务器操作系统 V8
危险等级:高危
影响源码包:xorg-x11-server
CVSS评分:7.8
发现日期:2024-08-14
修复日期:2024-09-10
修复版本:xorg-x11-server-1.20.4-24

漏洞描述

在xorg-x11-服务器中发现了越界写入漏洞。此问题是由于在复制存储在堆中的Xi/xiproperty.c中的XIChangeDeviceProperty函数和randr/rrproperty.c中的RRChangeOutputProperty函数中的数据时,缓冲区偏移量计算不正确,从而可能导致特权升级或拒绝服务。

漏洞判定

执行命令yum info PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

修复方式

软件包升级
dnf update xorg-x11-server

补丁

参考

https://bugzilla.redhat.com/show_bug.cgi?id=2243091;https://access.redhat.com/security/cve/CVE-2023-5367;https://lists.x.org/archives/xorg-announce/2023-October/003430.html;https://www.debian.org/security/2023/dsa-5534;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/;https://access.redhat.com/errata/RHSA-2023:6802;https://access.redhat.com/errata/RHSA-2023:6808;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/;https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/;https://access.redhat.com/errata/RHSA-2023:7373;https://access.redhat.com/errata/RHSA-2023:7388;https://access.redhat.com/errata/RHSA-2023:7405;https://access.redhat.com/errata/RHSA-2023:7428;https://access.redhat.com/errata/RHSA-2023:7436;https://access.redhat.com/errata/RHSA-2023:7526;https://access.redhat.com/errata/RHSA-2023:7533;https://security.netapp.com/advisory/ntap-20231130-0004/;https://access.redhat.com/errata/RHSA-2024:0010;https://access.redhat.com/errata/RHSA-2024:0128;https://security.gentoo.org/glsa/202401-30;https://access.redhat.com/errata/RHSA-2024:2169;https://access.redhat.com/errata/RHSA-2024:2170;https://access.redhat.com/errata/RHSA-2024:2995;https://access.redhat.com/errata/RHSA-2024:2996;