SUSE-SU-2024:0111-1

Details

This update for xorg-x11-server fixes the following issues:

Security fixes:

CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582)
CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583)
CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584)
CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585)

Other:

Fix vmware graphics driver crash (bsc#1218176)
Fix xserver crash when Xinerama is enabled (bsc#1218240)

Affected Packages

xorg-x11-server

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Real Time 15 SP4SUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

1.20.3-150400.38.40.1

xorg-x11-server-extra

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Real Time 15 SP4SUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

1.20.3-150400.38.40.1

xorg-x11-server-sdk

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Real Time 15 SP4SUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

1.20.3-150400.38.40.1

References

REPORT

https://bugzilla.suse.com/1218176

REPORT

https://bugzilla.suse.com/1218240

REPORT

https://bugzilla.suse.com/1218582

REPORT

https://bugzilla.suse.com/1218583

REPORT