Описание
Security update for enlightenment
This update for enlightenment fixes the following issues:
Update to 0.25.4 Bugfix release
- Fix shape handling in various cases that affected apps with shaped input
- Fix procstats popup and dangling icon for fullscreen windows
- Fix a vianishing pointer in some cases
- Workaround Qt issue where it does not remove WM_STATE on withdraw
- Fix fullscreen focus toggle flicker
- Fix pointer sticking case
- Fix tap-to-click props
- Fix gadgcon disabled items
- Fix config fallback handling that means no fallback happened
- Fix gtk frame prop handling
- Fix first map handling that affected energyxt
- Fix CVE-2022-37706 (boo#1203631)
- Harden enlightenment_sys when mis-packaged without sysactions.conf
Список пакетов
SUSE Package Hub 15 SP4
enlightenment-0.25.4-bp154.4.3.1
enlightenment-branding-upstream-0.25.4-bp154.4.3.1
enlightenment-devel-0.25.4-bp154.4.3.1
openSUSE Leap 15.4
enlightenment-0.25.4-bp154.4.3.1
enlightenment-branding-upstream-0.25.4-bp154.4.3.1
enlightenment-devel-0.25.4-bp154.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10153-1
- SUSE Security Ratings
- SUSE Bug 1203631
- SUSE CVE CVE-2022-37706 page
Описание
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Затронутые продукты
SUSE Package Hub 15 SP4:enlightenment-0.25.4-bp154.4.3.1
SUSE Package Hub 15 SP4:enlightenment-branding-upstream-0.25.4-bp154.4.3.1
SUSE Package Hub 15 SP4:enlightenment-devel-0.25.4-bp154.4.3.1
openSUSE Leap 15.4:enlightenment-0.25.4-bp154.4.3.1
Ссылки
- CVE-2022-37706
- SUSE Bug 1203631