Description
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
- CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133).
- CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).
Package list
Image SLES15-SP3-SAPCAL-Azure
Image SLES15-SP3-SAPCAL-EC2-HVM
Image SLES15-SP3-SAPCAL-GCE
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP4
SUSE Linux Enterprise Workstation Extension 15 SP5
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.4
References
- Link for SUSE-SU-2023:4338-1
- E-Mail link for SUSE-SU-2023:4338-1
- SUSE Security Ratings
- SUSE Bug 1216133
- SUSE Bug 1216135
- SUSE Bug 1216261
- SUSE CVE CVE-2023-5367 page
- SUSE CVE CVE-2023-5380 page
- SUSE CVE CVE-2023-5574 page
Description
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Affected products
References
- CVE-2023-5367
- SUSE Bug 1216135
- SUSE Bug 1217447
- SUSE Bug 1221590
Description
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Affected products
References
- CVE-2023-5380
- SUSE Bug 1216133
Description
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
Affected products
References
- CVE-2023-5574
- SUSE Bug 1216261
- SUSE Bug 1217447