Red Hat: CVE-2024-0408: xorg-x11-server: SELinux unlabeled GLX PBuffer (Multiple Advisories)
Description
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Solution(s)
- redhat-upgrade-xorg-x11-server-common
- redhat-upgrade-xorg-x11-server-debuginfo
- redhat-upgrade-xorg-x11-server-debugsource
- redhat-upgrade-xorg-x11-server-devel
- redhat-upgrade-xorg-x11-server-source
- redhat-upgrade-xorg-x11-server-xdmx
- redhat-upgrade-xorg-x11-server-xdmx-debuginfo
- redhat-upgrade-xorg-x11-server-xephyr
- redhat-upgrade-xorg-x11-server-xephyr-debuginfo
- redhat-upgrade-xorg-x11-server-xnest
- redhat-upgrade-xorg-x11-server-xnest-debuginfo
- redhat-upgrade-xorg-x11-server-xorg
- redhat-upgrade-xorg-x11-server-xorg-debuginfo
- redhat-upgrade-xorg-x11-server-xvfb
- redhat-upgrade-xorg-x11-server-xvfb-debuginfo
- redhat-upgrade-xorg-x11-server-xwayland
- redhat-upgrade-xorg-x11-server-xwayland-debuginfo
- redhat-upgrade-xorg-x11-server-xwayland-debugsource
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center