SUSE-SU-2023:4269-1

Published: 30 Oct 2023
Source: suse-cvrf

Description

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
  • CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133).
  • CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).

Package list

SUSE Linux Enterprise Server 12 SP5
xorg-x11-server-1.19.6-10.56.1
xorg-x11-server-extra-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
xorg-x11-server-1.19.6-10.56.1
xorg-x11-server-extra-1.19.6-10.56.1
SUSE Linux Enterprise Software Development Kit 12 SP5
xorg-x11-server-sdk-1.19.6-10.56.1

Description

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.


Affected products
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1

Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.


Affected products
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1

Description

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.


Affected products
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.56.1
