Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
-
CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020,
Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem.
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
xorg-x11-server-1.19.6-8.3.2
xorg-x11-server-extra-1.19.6-8.3.2
SUSE Linux Enterprise Module for Development Tools 15
xorg-x11-server-sdk-1.19.6-8.3.2
SUSE Linux Enterprise Workstation Extension 15
xorg-x11-server-wayland-1.19.6-8.3.2
Ссылки
- Link for SUSE-SU-2018:3680-1
- E-Mail link for SUSE-SU-2018:3680-1
- SUSE Security Ratings
- SUSE Bug 1112020
- SUSE CVE CVE-2018-14665 page
Описание
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:xorg-x11-server-1.19.6-8.3.2
SUSE Linux Enterprise Module for Basesystem 15:xorg-x11-server-extra-1.19.6-8.3.2
SUSE Linux Enterprise Module for Development Tools 15:xorg-x11-server-sdk-1.19.6-8.3.2
SUSE Linux Enterprise Workstation Extension 15:xorg-x11-server-wayland-1.19.6-8.3.2
Ссылки
- CVE-2018-14665
- SUSE Bug 1111697
- SUSE Bug 1112020