SUSE-SU-2023:4338-1

Details

This update for xorg-x11-server fixes the following issues:

CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261).
CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133).
CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135).

Affected Packages

xorg-x11-server

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

1.20.3-150200.22.5.79.1

xorg-x11-server-extra

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

1.20.3-150200.22.5.79.1

xorg-x11-server-sdk

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

1.20.3-150200.22.5.79.1

xorg-x11-server-wayland

SUSE Linux Enterprise Workstation Extension 15 SP4SUSE Linux Enterprise Workstation Extension 15 SP5openSUSE Leap 15.4

Fixed in:

1.20.3-150200.22.5.79.1

References

REPORT

https://bugzilla.suse.com/1216133

REPORT

https://bugzilla.suse.com/1216135

REPORT