Description
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- Fixed a regression caused by the security fix for CVE-2024-31083 (bsc#1222312) when using Android Studio (bsc#1222442)
Package list
SUSE Linux Enterprise Server 12 SP5
xorg-x11-server-1.19.6-10.74.1
xorg-x11-server-extra-1.19.6-10.74.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
xorg-x11-server-1.19.6-10.74.1
xorg-x11-server-extra-1.19.6-10.74.1
SUSE Linux Enterprise Software Development Kit 12 SP5
xorg-x11-server-sdk-1.19.6-10.74.1
References
- Link for SUSE-SU-2024:1263-1
- E-Mail link for SUSE-SU-2024:1263-1
- SUSE Security Ratings
- SUSE Bug 1222312
- SUSE Bug 1222442
- SUSE CVE CVE-2024-31083 page
Description
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Affected products
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-1.19.6-10.74.1
SUSE Linux Enterprise Server 12 SP5:xorg-x11-server-extra-1.19.6-10.74.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-1.19.6-10.74.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:xorg-x11-server-extra-1.19.6-10.74.1
References
- CVE-2024-31083
- SUSE Bug 1222312