
exploitDog


SUSE-SU-2022:2371-1

Published: 12 Jul 2022
Source: suse-cvrf

Description

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
  • CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Package list

SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • xorg-x11-server-1.19.6-150000.8.39.1
  • xorg-x11-server-extra-1.19.6-150000.8.39.1
  • xorg-x11-server-sdk-1.19.6-150000.8.39.1

SUSE Linux Enterprise High Performance Computing 15-LTSS
  • xorg-x11-server-1.19.6-150000.8.39.1
  • xorg-x11-server-extra-1.19.6-150000.8.39.1
  • xorg-x11-server-sdk-1.19.6-150000.8.39.1

SUSE Linux Enterprise Server 15-LTSS
  • xorg-x11-server-1.19.6-150000.8.39.1
  • xorg-x11-server-extra-1.19.6-150000.8.39.1
  • xorg-x11-server-sdk-1.19.6-150000.8.39.1

SUSE Linux Enterprise Server for SAP Applications 15
  • xorg-x11-server-1.19.6-150000.8.39.1
  • xorg-x11-server-extra-1.19.6-150000.8.39.1
  • xorg-x11-server-sdk-1.19.6-150000.8.39.1

Description

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-extra-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-sdk-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1


Description

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.


Affected products
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-extra-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-server-sdk-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:xorg-x11-server-1.19.6-150000.8.39.1
