ALAS2023-2026-1790


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1790
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity: Important

Issue Overview:

Font Alias Stack-based Buffer Overflow: A mismatch between the maximum font name length used by the X server and the one used by the libXfont2 library can cause a stack buffer overflow during font alias resolution. The server allocates a 256-byte stack buffer, but libXfont2 allows alias target names of up to 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks.
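The length mismatch described above, as an added example that is not code from the X server, libXfont2 or this advisory: a simplified C model of the unchecked copy beside a copy that validates against the destination's capacity. Only the 256 and 1024 byte sizes come from the advisory; every function and macro name is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Sizes taken from the advisory text; all identifiers are hypothetical. */
#define SERVER_NAME_BUF 256   /* stack buffer on the server side */
#define LIB_ALIAS_MAX   1024  /* alias target limit on the library side */

/* Unsafe pattern (never called here): the copy trusts the length accepted
 * by the library and ignores how large the destination actually is. */
void copy_alias_unchecked(char *dst, const char *target, size_t len)
{
    memcpy(dst, target, len);   /* writes past dst once len >= 256 */
    dst[len] = '\0';
}

/* Hardened pattern: check the destination capacity before copying.
 * Returns 0 on success, -1 if the name plus its NUL does not fit. */
int copy_alias_checked(char *dst, size_t dst_size,
                       const char *target, size_t len)
{
    if (len >= dst_size)
        return -1;
    memcpy(dst, target, len);
    dst[len] = '\0';
    return 0;
}

/* Models the server-side caller resolving an alias into its 256-byte
 * stack buffer. Returns the resolved length, or -1 if rejected. */
int resolve_alias(const char *target, size_t len)
{
    char name[SERVER_NAME_BUF];
    if (len >= LIB_ALIAS_MAX)           /* library-side limit */
        return -1;
    if (copy_alias_checked(name, sizeof name, target, len) != 0)
        return -1;                      /* server-side limit */
    return (int)strlen(name);
}

int main(void)
{
    char alias[LIB_ALIAS_MAX];
    size_t lens[] = { 16, 255, 256, 257, 1023 };
    memset(alias, 'a', sizeof alias);   /* constructed sample input */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %4zu -> %d\n", lens[i], resolve_alias(alias, lens[i]));
    return 0;
}
```

Names that the library-side limit would accept but that exceed the server buffer are rejected instead of copied.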

XSYNC Use-After-Free in miSyncDestroyFence(): A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free.

XKB Key Types Stack-based Buffer Overflow: The X server has multiple stack buffers that are sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger three separate stack overflows.

XKB SetMap Request Stack-based Buffer Overflow: _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow.

XSYNC Use-After-Free in FreeCounter(): A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection.

XSYNC Use-After-Free in SyncChangeCounter(): A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters.

GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write: An incorrect size validation check in __glXDisp_ChangeDrawableAttributes() allows reading (or writing) a client-controlled number of bytes beyond the request buffer. The write path requires byte-swapped clients, which are disabled by default. The read can lead to information disclosure; the write can be used to crash the server, or for privilege escalation if the X server runs as root.

CreateSaverWindow Use-After-Free Information Disclosure: A client can trigger a use-after-free read after changing window attributes and forcing the screen saver. This can lead to information disclosure.

DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write: A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write.


Affected Packages:

xorg-x11-server


Issue Correction:
Run one of the following commands to update your system:
    dnf update xorg-x11-server --releasever 2023.12.20260608
    dnf update --advisory ALAS2023-2026-1790 --releasever 2023.12.20260608
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.10.aarch64

noarch:
    xorg-x11-server-source-21.1.13-5.amzn2023.0.10.noarch

src:
    xorg-x11-server-21.1.13-5.amzn2023.0.10.src

x86_64:
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.10.x86_64