Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).
Список пакетов
Image SLES15-SP3-SAPCAL-Azure
xorg-x11-server-1.20.3-150200.22.5.72.1
Image SLES15-SP3-SAPCAL-EC2-HVM
xorg-x11-server-1.20.3-150200.22.5.72.1
Image SLES15-SP3-SAPCAL-GCE
xorg-x11-server-1.20.3-150200.22.5.72.1
SUSE Enterprise Storage 7
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Enterprise Storage 7.1
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Real Time 15 SP3
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Server 15 SP2-LTSS
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Server 15 SP3-LTSS
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
xorg-x11-server-sdk-1.20.3-150200.22.5.72.1
SUSE Linux Enterprise Workstation Extension 15 SP4
xorg-x11-server-wayland-1.20.3-150200.22.5.72.1
SUSE Manager Proxy 4.2
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
SUSE Manager Server 4.2
xorg-x11-server-1.20.3-150200.22.5.72.1
xorg-x11-server-extra-1.20.3-150200.22.5.72.1
openSUSE Leap 15.4
xorg-x11-server-wayland-1.20.3-150200.22.5.72.1
Ссылки
- Link for SUSE-SU-2023:1678-1
- E-Mail link for SUSE-SU-2023:1678-1
- SUSE Security Ratings
- SUSE Bug 1209543
- SUSE CVE CVE-2023-1393 page
Описание
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Затронутые продукты
Image SLES15-SP3-SAPCAL-Azure:xorg-x11-server-1.20.3-150200.22.5.72.1
Image SLES15-SP3-SAPCAL-EC2-HVM:xorg-x11-server-1.20.3-150200.22.5.72.1
Image SLES15-SP3-SAPCAL-GCE:xorg-x11-server-1.20.3-150200.22.5.72.1
SUSE Enterprise Storage 7.1:xorg-x11-server-1.20.3-150200.22.5.72.1
Ссылки
- CVE-2023-1393
- SUSE Bug 1209543
- SUSE Bug 1210895
- SUSE Bug 1211551