ALAS2023-2025-939

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. (CVE-2022-49737)

aarch64:
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.5.aarch64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.5.aarch64

noarch:
    xorg-x11-server-source-21.1.13-5.amzn2023.0.5.noarch

src:
    xorg-x11-server-21.1.13-5.amzn2023.0.5.src

x86_64:
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.5.x86_64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.5.x86_64