SUSE-SU-2023:1680-1

Опубликовано: 29 мар. 2023

Источник: suse-cvrf

Описание

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

xorg-x11-server-7.6_1.18.3-76.66.1

xorg-x11-server-extra-7.6_1.18.3-76.66.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231680-1/
Link for SUSE-SU-2023:1680-1
https://lists.suse.com/pipermail/sle-updates/2023-March/028469.html
E-Mail link for SUSE-SU-2023:1680-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209543
SUSE Bug 1209543
https://www.suse.com/security/cve/CVE-2023-1393/
SUSE CVE CVE-2023-1393 page

Описание

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:xorg-x11-server-7.6_1.18.3-76.66.1

SUSE Linux Enterprise Server 12 SP2-BCL:xorg-x11-server-extra-7.6_1.18.3-76.66.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-1393.html
CVE-2023-1393
https://bugzilla.suse.com/1209543
SUSE Bug 1209543
https://bugzilla.suse.com/1210895
SUSE Bug 1210895
https://bugzilla.suse.com/1211551
SUSE Bug 1211551

SUSE-SU-2023:1680-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

Ссылки

Уязвимость: CVE-2023-1393

Описание

Затронутые продукты

Ссылки