Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
xorg-x11-server-1.20.3-150100.14.5.36.1
xorg-x11-server-extra-1.20.3-150100.14.5.36.1
xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
SUSE Linux Enterprise Server 15 SP1-LTSS
xorg-x11-server-1.20.3-150100.14.5.36.1
xorg-x11-server-extra-1.20.3-150100.14.5.36.1
xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
xorg-x11-server-1.20.3-150100.14.5.36.1
xorg-x11-server-extra-1.20.3-150100.14.5.36.1
xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
Ссылки
- Link for SUSE-SU-2023:0287-1
- E-Mail link for SUSE-SU-2023:0287-1
- SUSE Security Ratings
- SUSE Bug 1207783
- SUSE CVE CVE-2023-0494 page
Описание
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xorg-x11-server-1.20.3-150100.14.5.36.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xorg-x11-server-extra-1.20.3-150100.14.5.36.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xorg-x11-server-sdk-1.20.3-150100.14.5.36.1
SUSE Linux Enterprise Server 15 SP1-LTSS:xorg-x11-server-1.20.3-150100.14.5.36.1
Ссылки
- CVE-2023-0494
- SUSE Bug 1207783
- SUSE Bug 1208344
- SUSE Bug 1209331
- SUSE Bug 1211551