Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1376-1 Final 1 1 2020-09-07T10:24:51Z current 2020-09-07T10:24:51Z 2020-09-07T10:24:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1376 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I3BCFJDSKRVUSS6JJFN5VUGNSWDGF7KV/ E-Mail link for openSUSE-SU-2020:1376-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 https://www.suse.com/security/cve/CVE-2020-14361/ SUSE CVE CVE-2020-14361 page https://www.suse.com/security/cve/CVE-2020-14362/ SUSE CVE CVE-2020-14362 page openSUSE Leap 15.2 xorg-x11-server-1.20.3-lp152.8.6.1 xorg-x11-server-extra-1.20.3-lp152.8.6.1 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 xorg-x11-server-source-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-1.20.3-lp152.8.6.1 xorg-x11-server-1.20.3-lp152.8.6.1 as a component of openSUSE Leap 15.2 xorg-x11-server-extra-1.20.3-lp152.8.6.1 as a component of openSUSE Leap 15.2 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 as a component of openSUSE Leap 15.2 xorg-x11-server-source-1.20.3-lp152.8.6.1 as a component of openSUSE Leap 15.2 xorg-x11-server-wayland-1.20.3-lp152.8.6.1 as a component of openSUSE Leap 15.2 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14361 openSUSE Leap 15.2:xorg-x11-server-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-extra-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-sdk-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-source-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-wayland-1.20.3-lp152.8.6.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I3BCFJDSKRVUSS6JJFN5VUGNSWDGF7KV/ https://www.suse.com/security/cve/CVE-2020-14361.html CVE-2020-14361 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14362 openSUSE Leap 15.2:xorg-x11-server-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-extra-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-sdk-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-source-1.20.3-lp152.8.6.1 openSUSE Leap 15.2:xorg-x11-server-wayland-1.20.3-lp152.8.6.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I3BCFJDSKRVUSS6JJFN5VUGNSWDGF7KV/ https://www.suse.com/security/cve/CVE-2020-14362.html CVE-2020-14362 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913