CVE-2021-4008 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2640	xorg-xwayland	21.1.3-1	21.1.4-1	High	Fixed
AVG-2636	xorg-server	21.1.1-3	21.1.2-1	High	Fixed

References
https://lists.x.org/archives/xorg-announce/2021-December/003122.html https://lists.x.org/archives/xorg-announce/2021-December/003123.html https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60

References

https://lists.x.org/archives/xorg-announce/2021-December/003122.html
https://lists.x.org/archives/xorg-announce/2021-December/003123.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60