SUSE-SU-2024:3789-1

Опубликовано: 30 окт. 2024

Источник: suse-cvrf

Описание

Security update for xwayland

This update for xwayland fixes the following issues:

CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).

Список пакетов

SUSE Linux Enterprise Workstation Extension 15 SP6

xwayland-24.1.1-150600.5.6.1

openSUSE Leap 15.6

xwayland-24.1.1-150600.5.6.1

xwayland-devel-24.1.1-150600.5.6.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243789-1/
Link for SUSE-SU-2024:3789-1
https://lists.suse.com/pipermail/sle-security-updates/2024-October/019706.html
E-Mail link for SUSE-SU-2024:3789-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1231565
SUSE Bug 1231565
https://www.suse.com/security/cve/CVE-2024-9632/
SUSE CVE CVE-2024-9632 page

Описание

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

Затронутые продукты

SUSE Linux Enterprise Workstation Extension 15 SP6:xwayland-24.1.1-150600.5.6.1

openSUSE Leap 15.6:xwayland-24.1.1-150600.5.6.1

openSUSE Leap 15.6:xwayland-devel-24.1.1-150600.5.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-9632.html
CVE-2024-9632
https://bugzilla.suse.com/1231565
SUSE Bug 1231565

SUSE-SU-2024:3789-1

Описание

Список пакетов

SUSE Linux Enterprise Workstation Extension 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-9632

Описание

Затронутые продукты

Ссылки