Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

openSUSE Leap 15.3: 2021:4136-1 Important xorg-x11-server Memory Exploit

opensuse
Calendar Grey December 21, 2021
Dist Opensuse Esm H88
Urgent openSUSE patch released for addressing three significant flaws in xorg-x11-server. Implement without delay to enhance security.
An update that fixes three vulnerabilities is now available

Description

This update for xorg-x11-server fixes the following issues:

- CVE-2021-4009: The handler for the CreatePointerBarrier request of the

XFixes extension does not properly validate the request length leading

to out of bounds memory write. (bsc#1190487)

- CVE-2021-4010: The handler for the Suspend request of the Screen Saver

extension does not properly validate the request length leading to out

of bounds memory write. (bsc#1190488)

- CVE-2021-4011: The handlers for the RecordCreateContext and

RecordRegisterClients requests of the Record extension do not properly

validate the request length leading to out of bounds memory write.

(bsc#1190489)

Topics%20covered

Topics Covered

security advisory security update important memory exploit out of bounds xorg-x11-server openSUSE Leap

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-4136=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

xorg-x11-server-1.20.3-22.5.42.1

xorg-x11-server-debuginfo-1.20.3-22.5.42.1

xorg-x11-server-debugsource-1.20.3-22.5.42.1

xorg-x11-server-extra-1.20.3-22.5.42.1

xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1

xorg-x11-server-sdk-1.20.3-22.5.42.1

xorg-x11-server-source-1.20.3-22.5.42.1

xorg-x11-server-wayland-1.20.3-22.5.42.1

xorg-x11-server-wayland-debuginfo-1.20.3-22.5.42.1

References

https://www.suse.com/security/cve/CVE-2021-4009.html

https://www.suse.com/security/cve/CVE-2021-4010.html

https://www.suse.com/security/cve/CVE-2021-4011.html

https://bugzilla.suse.com/1190487

https://bugzilla.suse.com/1190488

https://bugzilla.suse.com/1190489

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:4136-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Topics%20covered

Topics Covered

security advisory security update important memory exploit out of bounds xorg-x11-server openSUSE Leap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here