xorg-x11-server-21.1.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13361 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xorg-x11-server-21.1.9-1.1 on GA media These are all security issues fixed in the xorg-x11-server-21.1.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13361 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13361 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5367/ SUSE CVE CVE-2023-5367 page https://www.suse.com/security/cve/CVE-2023-5574/ SUSE CVE CVE-2023-5574 page openSUSE Tumbleweed xorg-x11-server-21.1.9-1.1 xorg-x11-server-Xvfb-21.1.9-1.1 xorg-x11-server-extra-21.1.9-1.1 xorg-x11-server-sdk-21.1.9-1.1 xorg-x11-server-source-21.1.9-1.1 xorg-x11-server-wrapper-21.1.9-1.1 xorg-x11-server-21.1.9-1.1 as a component of openSUSE Tumbleweed xorg-x11-server-Xvfb-21.1.9-1.1 as a component of openSUSE Tumbleweed xorg-x11-server-extra-21.1.9-1.1 as a component of openSUSE Tumbleweed xorg-x11-server-sdk-21.1.9-1.1 as a component of openSUSE Tumbleweed xorg-x11-server-source-21.1.9-1.1 as a component of openSUSE Tumbleweed xorg-x11-server-wrapper-21.1.9-1.1 as a component of openSUSE Tumbleweed A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. CVE-2023-5367 openSUSE Tumbleweed:xorg-x11-server-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-extra-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-source-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5367.html CVE-2023-5367 https://bugzilla.suse.com/1216135 SUSE Bug 1216135 https://bugzilla.suse.com/1217447 SUSE Bug 1217447 https://bugzilla.suse.com/1221590 SUSE Bug 1221590 A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. CVE-2023-5574 openSUSE Tumbleweed:xorg-x11-server-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-extra-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-source-21.1.9-1.1 openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5574.html CVE-2023-5574 https://bugzilla.suse.com/1216261 SUSE Bug 1216261 https://bugzilla.suse.com/1217447 SUSE Bug 1217447