Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2021:4136-1 Critical: Xorg-X11-Server Memory Write Threats

suse
Calendar Grey December 21, 2021
Dist Suse Esm H88
A critical security notification for xorg-x11-server highlighting three separate vulnerabilities. Immediate update is advised.
An update that fixes three vulnerabilities is now available

Summary

This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory software update remote access threat mitigation memory issue SUSE Xorg

References

#1190487 #1190488 #1190489

Cross- CVE-2021-4009 CVE-2021-4010 CVE-2021-4011

CVSS scores:

CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4010 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Manager Server 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Proxy 4.1

SUSE Linux Enterprise Workstation Extension 15-SP3

SUSE Linux Enterprise Server for SAP 15-SP2

SUSE Linux Enterprise Server 15-SP2-LTSS

SUSE Linux Enterprise Server 15-SP2-BCL

SUSE Linux Enterprise Module for Development Tools 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise High Perf...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:4136-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update remote access threat mitigation memory issue SUSE Xorg

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here