Posted March 6

Oracle Linux: CVE-2023-1393: ELSA-2023-6340: xorg-x11-server security and bug fix update (MODERATE) (Multiple Advisories)

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/29/2023
Created: 05/05/2023
Added: 04/05/2023
Modified: 12/17/2024

Description

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window (aka COW), where Xserver leaves a dangling pointer to that window in the CompScreen structure, which will later trigger a use-after-free issue. The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability.

Solution(s)

oracle-linux-upgrade-tigervnc
oracle-linux-upgrade-tigervnc-icons
oracle-linux-upgrade-tigervnc-license
oracle-linux-upgrade-tigervnc-selinux
oracle-linux-upgrade-tigervnc-server
oracle-linux-upgrade-tigervnc-server-applet
oracle-linux-upgrade-tigervnc-server-minimal
oracle-linux-upgrade-tigervnc-server-module
oracle-linux-upgrade-xorg-x11-server-common
oracle-linux-upgrade-xorg-x11-server-devel
oracle-linux-upgrade-xorg-x11-server-source
oracle-linux-upgrade-xorg-x11-server-xdmx
oracle-linux-upgrade-xorg-x11-server-xephyr
oracle-linux-upgrade-xorg-x11-server-xnest
oracle-linux-upgrade-xorg-x11-server-xorg
oracle-linux-upgrade-xorg-x11-server-xvfb
oracle-linux-upgrade-xorg-x11-server-xwayland

References

https://attackerkb.com/topics/cve-2023-1393
CVE - 2023-1393
ELSA-2023-6340
ELSA-2023-1594
ELSA-2023-6916
ELSA-2023-6341
ELSA-2023-1592
ELSA-2023-1551
ELSA-2023-6917