Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179).
- CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181).
Список пакетов
SUSE Enterprise Storage 6
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise Server 15 SP1-BCL
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise Server 15 SP1-LTSS
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
xorg-x11-server-1.20.3-150100.14.5.25.1
xorg-x11-server-extra-1.20.3-150100.14.5.25.1
xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
Ссылки
- Link for SUSE-SU-2022:2374-1
- E-Mail link for SUSE-SU-2022:2374-1
- SUSE Security Ratings
- SUSE Bug 1194179
- SUSE Bug 1194181
- SUSE CVE CVE-2022-2319 page
- SUSE CVE CVE-2022-2320 page
Описание
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
Затронутые продукты
SUSE Enterprise Storage 6:xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Enterprise Storage 6:xorg-x11-server-extra-1.20.3-150100.14.5.25.1
SUSE Enterprise Storage 6:xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xorg-x11-server-1.20.3-150100.14.5.25.1
Ссылки
- CVE-2022-2319
- SUSE Bug 1194179
- SUSE Bug 1204093
- SUSE Bug 1205071
- SUSE Bug 1206243
Описание
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
Затронутые продукты
SUSE Enterprise Storage 6:xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Enterprise Storage 6:xorg-x11-server-extra-1.20.3-150100.14.5.25.1
SUSE Enterprise Storage 6:xorg-x11-server-sdk-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xorg-x11-server-1.20.3-150100.14.5.25.1
Ссылки
- CVE-2022-2320
- SUSE Bug 1194181
- SUSE Bug 1201793
- SUSE Bug 1204123
- SUSE Bug 1205071