CVE-2021-4008 log
Source |
|
Severity | High |
Remote | Yes |
Type | Arbitrary code execution |
Description | A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2640 | xorg-xwayland | 21.1.3-1 | 21.1.4-1 | High | Fixed | |
AVG-2636 | xorg-server | 21.1.1-3 | 21.1.2-1 | High | Fixed |