Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2240-1

Опубликовано: 25 авг. 2020
Источник: suse-cvrf

Описание

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
  • CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
  • CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

Список пакетов

Image SLES15-SP3-EC2-HVM
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-Azure
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-EC2-HVM
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-GCE
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAPCAL-Azure
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAPCAL-EC2-HVM
xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAPCAL-GCE
xorg-x11-server-1.20.3-22.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
xorg-x11-server-1.20.3-22.5.1
xorg-x11-server-extra-1.20.3-22.5.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
xorg-x11-server-sdk-1.20.3-22.5.1
SUSE Linux Enterprise Workstation Extension 15 SP2
xorg-x11-server-wayland-1.20.3-22.5.1

Описание

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Затронутые продукты
Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.1

Ссылки

Описание

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Затронутые продукты
Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.1

Ссылки

Описание

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.


Затронутые продукты
Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.1
Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.1

Ссылки