xorg-x11-server-1.20.13-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11525 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xorg-x11-server-1.20.13-1.2 on GA media These are all security issues fixed in the xorg-x11-server-1.20.13-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11525 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11525 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-6101/ SUSE CVE CVE-2006-6101 page https://www.suse.com/security/cve/CVE-2006-6102/ SUSE CVE CVE-2006-6102 page https://www.suse.com/security/cve/CVE-2006-6103/ SUSE CVE CVE-2006-6103 page https://www.suse.com/security/cve/CVE-2007-1003/ SUSE CVE CVE-2007-1003 page https://www.suse.com/security/cve/CVE-2007-5760/ SUSE CVE CVE-2007-5760 page https://www.suse.com/security/cve/CVE-2007-6427/ SUSE CVE CVE-2007-6427 page https://www.suse.com/security/cve/CVE-2007-6428/ SUSE CVE CVE-2007-6428 page https://www.suse.com/security/cve/CVE-2007-6429/ SUSE CVE CVE-2007-6429 page https://www.suse.com/security/cve/CVE-2008-0006/ SUSE CVE CVE-2008-0006 page https://www.suse.com/security/cve/CVE-2008-1377/ SUSE CVE CVE-2008-1377 page https://www.suse.com/security/cve/CVE-2008-1379/ SUSE CVE CVE-2008-1379 page https://www.suse.com/security/cve/CVE-2008-2360/ SUSE CVE CVE-2008-2360 page https://www.suse.com/security/cve/CVE-2008-2361/ SUSE CVE CVE-2008-2361 page https://www.suse.com/security/cve/CVE-2008-2362/ SUSE CVE CVE-2008-2362 page https://www.suse.com/security/cve/CVE-2017-10971/ SUSE CVE CVE-2017-10971 page https://www.suse.com/security/cve/CVE-2017-12176/ SUSE CVE CVE-2017-12176 page https://www.suse.com/security/cve/CVE-2017-12187/ SUSE CVE CVE-2017-12187 page https://www.suse.com/security/cve/CVE-2017-13721/ SUSE CVE CVE-2017-13721 page https://www.suse.com/security/cve/CVE-2017-2624/ SUSE CVE CVE-2017-2624 page https://www.suse.com/security/cve/CVE-2018-14665/ SUSE CVE CVE-2018-14665 page https://www.suse.com/security/cve/CVE-2020-14345/ SUSE CVE CVE-2020-14345 page https://www.suse.com/security/cve/CVE-2020-14346/ SUSE CVE CVE-2020-14346 page https://www.suse.com/security/cve/CVE-2020-14347/ SUSE CVE CVE-2020-14347 page https://www.suse.com/security/cve/CVE-2020-14360/ SUSE CVE CVE-2020-14360 page https://www.suse.com/security/cve/CVE-2020-14361/ SUSE CVE CVE-2020-14361 page https://www.suse.com/security/cve/CVE-2020-14362/ SUSE CVE CVE-2020-14362 page https://www.suse.com/security/cve/CVE-2020-25712/ SUSE CVE CVE-2020-25712 page https://www.suse.com/security/cve/CVE-2021-3472/ SUSE CVE CVE-2021-3472 page openSUSE Tumbleweed xorg-x11-server-1.20.13-1.2 xorg-x11-server-Xvfb-1.20.13-1.2 xorg-x11-server-extra-1.20.13-1.2 xorg-x11-server-sdk-1.20.13-1.2 xorg-x11-server-source-1.20.13-1.2 xorg-x11-server-wrapper-1.20.13-1.2 xorg-x11-server-1.20.13-1.2 as a component of openSUSE Tumbleweed xorg-x11-server-Xvfb-1.20.13-1.2 as a component of openSUSE Tumbleweed xorg-x11-server-extra-1.20.13-1.2 as a component of openSUSE Tumbleweed xorg-x11-server-sdk-1.20.13-1.2 as a component of openSUSE Tumbleweed xorg-x11-server-source-1.20.13-1.2 as a component of openSUSE Tumbleweed xorg-x11-server-wrapper-1.20.13-1.2 as a component of openSUSE Tumbleweed Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. CVE-2006-6101 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-6101.html CVE-2006-6101 https://bugzilla.suse.com/225972 SUSE Bug 225972 Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. CVE-2006-6102 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-6102.html CVE-2006-6102 https://bugzilla.suse.com/225974 SUSE Bug 225974 Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. CVE-2006-6103 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-6103.html CVE-2006-6103 https://bugzilla.suse.com/225975 SUSE Bug 225975 Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. CVE-2007-1003 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-1003.html CVE-2007-1003 https://bugzilla.suse.com/243978 SUSE Bug 243978 https://bugzilla.suse.com/261141 SUSE Bug 261141 Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. CVE-2007-5760 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5760.html CVE-2007-5760 https://bugzilla.suse.com/345496 SUSE Bug 345496 The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. CVE-2007-6427 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6427.html CVE-2007-6427 https://bugzilla.suse.com/345127 SUSE Bug 345127 The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. CVE-2007-6428 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6428.html CVE-2007-6428 https://bugzilla.suse.com/345128 SUSE Bug 345128 Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. CVE-2007-6429 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-6429.html CVE-2007-6429 https://bugzilla.suse.com/345130 SUSE Bug 345130 https://bugzilla.suse.com/345131 SUSE Bug 345131 Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. CVE-2008-0006 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-0006.html CVE-2008-0006 https://bugzilla.suse.com/348296 SUSE Bug 348296 The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. CVE-2008-1377 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1377.html CVE-2008-1377 https://bugzilla.suse.com/374318 SUSE Bug 374318 https://bugzilla.suse.com/374323 SUSE Bug 374323 Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. CVE-2008-1379 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1379.html CVE-2008-1379 https://bugzilla.suse.com/374318 SUSE Bug 374318 https://bugzilla.suse.com/374320 SUSE Bug 374320 Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. CVE-2008-2360 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2360.html CVE-2008-2360 https://bugzilla.suse.com/374321 SUSE Bug 374321 Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory. CVE-2008-2361 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2361.html CVE-2008-2361 https://bugzilla.suse.com/374321 SUSE Bug 374321 Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. CVE-2008-2362 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2362.html CVE-2008-2362 https://bugzilla.suse.com/374321 SUSE Bug 374321 In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. CVE-2017-10971 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10971.html CVE-2017-10971 https://bugzilla.suse.com/1035283 SUSE Bug 1035283 https://bugzilla.suse.com/1047730 SUSE Bug 1047730 xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVE-2017-12176 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12176.html CVE-2017-12176 https://bugzilla.suse.com/1063041 SUSE Bug 1063041 xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. CVE-2017-12187 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12187.html CVE-2017-12187 https://bugzilla.suse.com/1063034 SUSE Bug 1063034 In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. CVE-2017-13721 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate 5.7 AV:L/AC:L/Au:S/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13721.html CVE-2017-13721 https://bugzilla.suse.com/1051150 SUSE Bug 1051150 https://bugzilla.suse.com/1052984 SUSE Bug 1052984 It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. CVE-2017-2624 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate 4 AV:L/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2624.html CVE-2017-2624 https://bugzilla.suse.com/1025029 SUSE Bug 1025029 https://bugzilla.suse.com/1025639 SUSE Bug 1025639 https://bugzilla.suse.com/1035283 SUSE Bug 1035283 A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. CVE-2018-14665 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14665.html CVE-2018-14665 https://bugzilla.suse.com/1111697 SUSE Bug 1111697 https://bugzilla.suse.com/1112020 SUSE Bug 1112020 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14345 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14345.html CVE-2020-14345 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 https://bugzilla.suse.com/1177596 SUSE Bug 1177596 https://bugzilla.suse.com/1181067 SUSE Bug 1181067 A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14346 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14346.html CVE-2020-14346 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. CVE-2020-14347 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14347.html CVE-2020-14347 https://bugzilla.suse.com/1174633 SUSE Bug 1174633 A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14360 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14360.html CVE-2020-14360 https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1177596 SUSE Bug 1177596 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14361 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14361.html CVE-2020-14361 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14362 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14362.html CVE-2020-14362 https://bugzilla.suse.com/1174635 SUSE Bug 1174635 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1174910 SUSE Bug 1174910 https://bugzilla.suse.com/1174913 SUSE Bug 1174913 A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-25712 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25712.html CVE-2020-25712 https://bugzilla.suse.com/1174908 SUSE Bug 1174908 https://bugzilla.suse.com/1177596 SUSE Bug 1177596 A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-3472 openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2 openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3472.html CVE-2021-3472 https://bugzilla.suse.com/1180128 SUSE Bug 1180128