
SUSE-SU-2020:2241-1

Published: 25 Aug 2020
Source: suse-cvrf

Description

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
  • CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
  • CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

Package list

SUSE Linux Enterprise Module for Basesystem 15 SP1
  • xorg-x11-server-1.20.3-14.5.1
  • xorg-x11-server-extra-1.20.3-14.5.1

SUSE Linux Enterprise Module for Development Tools 15 SP1
  • xorg-x11-server-sdk-1.20.3-14.5.1

SUSE Linux Enterprise Workstation Extension 15 SP1
  • xorg-x11-server-wayland-1.20.3-14.5.1

Description

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-1.20.3-14.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-extra-1.20.3-14.5.1
SUSE Linux Enterprise Module for Development Tools 15 SP1:xorg-x11-server-sdk-1.20.3-14.5.1
SUSE Linux Enterprise Workstation Extension 15 SP1:xorg-x11-server-wayland-1.20.3-14.5.1

Description

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-1.20.3-14.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-extra-1.20.3-14.5.1
SUSE Linux Enterprise Module for Development Tools 15 SP1:xorg-x11-server-sdk-1.20.3-14.5.1
SUSE Linux Enterprise Workstation Extension 15 SP1:xorg-x11-server-wayland-1.20.3-14.5.1

Description

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-1.20.3-14.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:xorg-x11-server-extra-1.20.3-14.5.1
SUSE Linux Enterprise Module for Development Tools 15 SP1:xorg-x11-server-sdk-1.20.3-14.5.1
SUSE Linux Enterprise Workstation Extension 15 SP1:xorg-x11-server-wayland-1.20.3-14.5.1
