X.org Server and Xwayland Patched to Eliminate Vulnerability

X.org Server 21.1.8 and its DDX component Xwayland versions 22.1.6 and 23.1.1 have released with corrective issues. The updates ensure that the server can organize the execution of x11-Applications surrounded by Wayland. The vulnerability (cve-2023-1393) that was eliminated can potentially be operated by systems where the X-server is performed with Root rights. Additionally, it allows for remote code execution in configurations in which the X11 session is used for access using SSH.

The vulnerability led to a Memorial circulation after its release (USE-fast). This was due to an unspoken pointer to the window in the COMPSCREEN structure after the liquid of COW (Compositor Overlay Window) was cleared.

All users of X.org Server and Xwayland are advised to apply the updates as soon as possible to ensure their systems are not vulnerable. For more information on the updates, please visit the respective links for X.org Server 21.1.8, Xwayland 22.1.6, and Xwayland 23.1.1.

/Reports, release notes, official announcements.