Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).
- CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).
- CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:1302-1
- SUSE Security Ratings
- SUSE Bug 1174633
- SUSE Bug 1174635
- SUSE Bug 1174638
- SUSE CVE CVE-2020-14345 page
- SUSE CVE CVE-2020-14346 page
- SUSE CVE CVE-2020-14347 page
Описание
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-14345
- SUSE Bug 1174635
- SUSE Bug 1174638
- SUSE Bug 1174908
- SUSE Bug 1174910
- SUSE Bug 1174913
- SUSE Bug 1177596
- SUSE Bug 1181067
Описание
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-14346
- SUSE Bug 1174635
- SUSE Bug 1174638
- SUSE Bug 1174910
- SUSE Bug 1174913
Описание
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Затронутые продукты
Ссылки
- CVE-2020-14347
- SUSE Bug 1174633