SUSE-SU-2020:2331-1

Published: 26 Aug 2020
Source: suse-cvrf

Description

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
  • CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
  • CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

Package list

HPE Helion OpenStack 8
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server 12 SP2-BCL
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server 12 SP2-LTSS
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server 12 SP3-BCL
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server 12 SP3-LTSS
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE OpenStack Cloud 7
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE OpenStack Cloud 8
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE OpenStack Cloud Crowbar 8
xorg-x11-server-7.6_1.18.3-76.26.1
xorg-x11-server-extra-7.6_1.18.3-76.26.1

Description

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An out-of-bounds access in the XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
HPE Helion OpenStack 8:xorg-x11-server-7.6_1.18.3-76.26.1
HPE Helion OpenStack 8:xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-extra-7.6_1.18.3-76.26.1

References

Description

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Affected products
HPE Helion OpenStack 8:xorg-x11-server-7.6_1.18.3-76.26.1
HPE Helion OpenStack 8:xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-extra-7.6_1.18.3-76.26.1

References

Description

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.


Affected products
HPE Helion OpenStack 8:xorg-x11-server-7.6_1.18.3-76.26.1
HPE Helion OpenStack 8:xorg-x11-server-extra-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-7.6_1.18.3-76.26.1
SUSE Enterprise Storage 5:xorg-x11-server-extra-7.6_1.18.3-76.26.1

References
Vulnerability SUSE-SU-2020:2331-1