Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4272-1

Опубликовано: 30 окт. 2023
Источник: suse-cvrf

Описание

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

  • CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
  • CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133).
  • CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).

Список пакетов

Image SLES15-SP5-SAPCAL-Azure
xorg-x11-server-21.1.4-150500.7.7.1
xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2
xorg-x11-server-21.1.4-150500.7.7.1
xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-GCE
xorg-x11-server-21.1.4-150500.7.7.1
xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
xorg-x11-server-21.1.4-150500.7.7.1
xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
xorg-x11-server-extra-21.1.4-150500.7.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
xorg-x11-server-sdk-21.1.4-150500.7.7.1
openSUSE Leap 15.5
xorg-x11-server-21.1.4-150500.7.7.1
xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
xorg-x11-server-extra-21.1.4-150500.7.7.1
xorg-x11-server-sdk-21.1.4-150500.7.7.1
xorg-x11-server-source-21.1.4-150500.7.7.1

Ссылки

Описание

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Затронутые продукты
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Ссылки

Описание

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Затронутые продукты
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Ссылки

Описание

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Затронутые продукты
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-Azure:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-21.1.4-150500.7.7.1
Image SLES15-SP5-SAPCAL-EC2:xorg-x11-server-Xvfb-21.1.4-150500.7.7.1
Ссылки