openSUSE-SU-2018:3800-1

Опубликовано: 16 нояб. 2018

Источник: suse-cvrf

Описание

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues:

CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges (bsc#1112020,

Note that SUSE by default does not run with elevated privileges, so the default installation is not affected by this problem.

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

xorg-x11-server-1.19.6-lp150.7.3.1

xorg-x11-server-extra-1.19.6-lp150.7.3.1

xorg-x11-server-sdk-1.19.6-lp150.7.3.1

xorg-x11-server-source-1.19.6-lp150.7.3.1

xorg-x11-server-wayland-1.19.6-lp150.7.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00022.html
E-Mail link for openSUSE-SU-2018:3800-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Затронутые продукты

openSUSE Leap 15.0:xorg-x11-server-1.19.6-lp150.7.3.1

openSUSE Leap 15.0:xorg-x11-server-extra-1.19.6-lp150.7.3.1

openSUSE Leap 15.0:xorg-x11-server-sdk-1.19.6-lp150.7.3.1

openSUSE Leap 15.0:xorg-x11-server-source-1.19.6-lp150.7.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14665.html
CVE-2018-14665
https://bugzilla.suse.com/1111697
SUSE Bug 1111697
https://bugzilla.suse.com/1112020
SUSE Bug 1112020

openSUSE-SU-2018:3800-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-14665

Описание

Затронутые продукты

Ссылки