SUSE-SU-2022:2373-1

Опубликовано: 12 июл. 2022

Источник: suse-cvrf

Описание

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).

Список пакетов

SUSE Linux Enterprise Server 12 SP5

xorg-x11-server-1.19.6-10.32.1

xorg-x11-server-extra-1.19.6-10.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

xorg-x11-server-1.19.6-10.32.1

xorg-x11-server-extra-1.19.6-10.32.1

SUSE Linux Enterprise Software Development Kit 12 SP5

xorg-x11-server-sdk-1.19.6-10.32.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222373-1/
Link for SUSE-SU-2022:2373-1
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011512.html
E-Mail link for SUSE-SU-2022:2373-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194179
SUSE Bug 1194179
https://bugzilla.suse.com/1194181
SUSE Bug 1194181
https://www.suse.com/security/cve/CVE-2022-2319/
SUSE CVE CVE-2022-2319 page
https://www.suse.com/security/cve/CVE-2022-2320/
SUSE CVE CVE-2022-2320 page

Описание

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.32.1

SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-2319.html
CVE-2022-2319
https://bugzilla.suse.com/1194179
SUSE Bug 1194179
https://bugzilla.suse.com/1204093
SUSE Bug 1204093
https://bugzilla.suse.com/1205071
SUSE Bug 1205071
https://bugzilla.suse.com/1206243
SUSE Bug 1206243

Описание

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.32.1

SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.32.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-2320.html
CVE-2022-2320
https://bugzilla.suse.com/1194181
SUSE Bug 1194181
https://bugzilla.suse.com/1201793
SUSE Bug 1201793
https://bugzilla.suse.com/1204123
SUSE Bug 1204123
https://bugzilla.suse.com/1205071
SUSE Bug 1205071

SUSE-SU-2022:2373-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2022-2319

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-2320

Описание

Затронутые продукты

Ссылки