Описание
Security update for xwayland
This update for xwayland fixes the following issues:
- CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
- CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).
Список пакетов
SUSE Linux Enterprise Workstation Extension 15 SP4
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:4293-1
- E-Mail link for SUSE-SU-2023:4293-1
- SUSE Security Ratings
- SUSE Bug 1216135
- SUSE Bug 1216261
- SUSE CVE CVE-2023-5367 page
- SUSE CVE CVE-2023-5574 page
Описание
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Затронутые продукты
Ссылки
- CVE-2023-5367
- SUSE Bug 1216135
- SUSE Bug 1217447
- SUSE Bug 1221590
Описание
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
Затронутые продукты
Ссылки
- CVE-2023-5574
- SUSE Bug 1216261
- SUSE Bug 1217447