vulnerability
Oracle Linux: CVE-2024-0409: ELSA-2024-2170: xorg-x11-server-Xwayland security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Jan 16, 2024 | Jan 23, 2024 | Jan 7, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jan 16, 2024
Added
Jan 23, 2024
Modified
Jan 7, 2025
Description
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Solution(s)
oracle-linux-upgrade-xorg-x11-server-commonoracle-linux-upgrade-xorg-x11-server-develoracle-linux-upgrade-xorg-x11-server-sourceoracle-linux-upgrade-xorg-x11-server-xdmxoracle-linux-upgrade-xorg-x11-server-xephyroracle-linux-upgrade-xorg-x11-server-xnestoracle-linux-upgrade-xorg-x11-server-xorgoracle-linux-upgrade-xorg-x11-server-xvfboracle-linux-upgrade-xorg-x11-server-xwayland
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.