Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2147-1 Final 1 1 2020-12-02T07:05:03Z current 2020-12-02T07:05:03Z 2020-12-02T07:05:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2147 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HP4SY5GPVDDNTXYVZ6YALLHT7B5RVDBJ/ E-Mail link for openSUSE-SU-2020:2147-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1177596 SUSE Bug 1177596 https://www.suse.com/security/cve/CVE-2020-14360/ SUSE CVE CVE-2020-14360 page https://www.suse.com/security/cve/CVE-2020-25712/ SUSE CVE CVE-2020-25712 page openSUSE Leap 15.2 xorg-x11-server-1.20.3-lp152.8.12.1 xorg-x11-server-extra-1.20.3-lp152.8.12.1 xorg-x11-server-sdk-1.20.3-lp152.8.12.1 xorg-x11-server-source-1.20.3-lp152.8.12.1 xorg-x11-server-wayland-1.20.3-lp152.8.12.1 xorg-x11-server-1.20.3-lp152.8.12.1 as a component of openSUSE Leap 15.2 xorg-x11-server-extra-1.20.3-lp152.8.12.1 as a component of openSUSE Leap 15.2 xorg-x11-server-sdk-1.20.3-lp152.8.12.1 as a component of openSUSE Leap 15.2 xorg-x11-server-source-1.20.3-lp152.8.12.1 as a component of openSUSE Leap 15.2 xorg-x11-server-wayland-1.20.3-lp152.8.12.1 as a component of openSUSE Leap 15.2 A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14360 openSUSE Leap 15.2:xorg-x11-server-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-extra-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-sdk-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-source-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-wayland-1.20.3-lp152.8.12.1 important 6.1 AV:L/AC:L/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HP4SY5GPVDDNTXYVZ6YALLHT7B5RVDBJ/ https://www.suse.com/security/cve/CVE-2020-14360.html CVE-2020-14360 https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1177596 SUSE Bug 1177596 A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-25712 openSUSE Leap 15.2:xorg-x11-server-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-extra-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-sdk-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-source-1.20.3-lp152.8.12.1 openSUSE Leap 15.2:xorg-x11-server-wayland-1.20.3-lp152.8.12.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HP4SY5GPVDDNTXYVZ6YALLHT7B5RVDBJ/ https://www.suse.com/security/cve/CVE-2020-25712.html CVE-2020-25712 https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1177596 SUSE Bug 1177596