Description
Security update for xorg-x11-server
This update for xorg-x11-server provides the following fix:
Security issue fixed:
- CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697)
Non-security issues fixed:
- Do not write past the allocated buffer. (bsc#1078383)
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
xorg-x11-Xvnc-7.4-27.122.21.1
xorg-x11-server-7.4-27.122.21.1
xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Server 11 SP3-LTSS
xorg-x11-Xvnc-7.4-27.122.21.1
xorg-x11-server-7.4-27.122.21.1
xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
xorg-x11-Xvnc-7.4-27.122.21.1
xorg-x11-server-7.4-27.122.21.1
xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Server 11 SP4
xorg-x11-Xvnc-7.4-27.122.21.1
xorg-x11-server-7.4-27.122.21.1
xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xorg-x11-Xvnc-7.4-27.122.21.1
xorg-x11-server-7.4-27.122.21.1
xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xorg-x11-server-sdk-7.4-27.122.21.1
References
- Link for SUSE-SU-2018:3456-1
- E-Mail link for SUSE-SU-2018:3456-1
- SUSE Security Ratings
- SUSE Bug 1078383
- SUSE Bug 1111697
- SUSE CVE CVE-2018-14665 page
Description
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-Xvnc-7.4-27.122.21.1
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-7.4-27.122.21.1
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-extra-7.4-27.122.21.1
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-Xvnc-7.4-27.122.21.1
References
- CVE-2018-14665
- SUSE Bug 1111697
- SUSE Bug 1112020