SUSE-SU-2023:1716-1

Опубликовано: 31 мар. 2023

Источник: suse-cvrf

Описание

Security update for xwayland

This update for xwayland fixes the following issues:

CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543).

Список пакетов

SUSE Linux Enterprise Workstation Extension 15 SP4

xwayland-21.1.4-150400.3.15.1

openSUSE Leap 15.4

xwayland-21.1.4-150400.3.15.1

xwayland-devel-21.1.4-150400.3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231716-1/
Link for SUSE-SU-2023:1716-1
https://lists.suse.com/pipermail/sle-updates/2023-March/028536.html
E-Mail link for SUSE-SU-2023:1716-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209543
SUSE Bug 1209543
https://www.suse.com/security/cve/CVE-2023-1393/
SUSE CVE CVE-2023-1393 page

Описание

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP4:xwayland-21.1.4-150400.3.15.1

openSUSE Leap 15.4:xwayland-21.1.4-150400.3.15.1

openSUSE Leap 15.4:xwayland-devel-21.1.4-150400.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-1393.html
CVE-2023-1393
https://bugzilla.suse.com/1209543
SUSE Bug 1209543
https://bugzilla.suse.com/1210895
SUSE Bug 1210895
https://bugzilla.suse.com/1211551
SUSE Bug 1211551

SUSE-SU-2023:1716-1

Описание

Список пакетов

SUSE Linux Enterprise Workstation Extension 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-1393

Описание

Затронутые продукты

Ссылки