SUSE: 2022:4480-1 Important: xorg-x11-server DoS and Overflow

December 14, 2022
A critical security notice for SUSE regarding vulnerabilities in the xorg-x11-server, highlighting essential patches for multiple distributions.
An update that solves 6 vulnerabilities and has one errata is now available

Summary

This update for xorg-x11-server fixes the following issues:

- CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874)
- CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877)
- CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879)
- CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878)
- CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876)
- CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017)
- Xi: return an error from XI property changes if verification failed (bsc#1205875)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
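One way to confirm that a host carries these fixes after patching, as an added example that is not part of the SUSE advisory. It assumes the installed package's RPM changelog names each CVE id; the function names and the sample changelog are constructed here.

```sh
#!/bin/sh
# Added example: look for every CVE id from SUSE-SU-2022:4480-1 in the
# changelog of the installed xorg-x11-server package.

# CVE ids copied from the advisory text.
ADVISORY_CVES="CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344"

# Constructed sample changelog (not real rpm output): five ids are present,
# plus a placeholder lookalike that must not be counted as CVE-2022-4283.
SAMPLE_CHANGELOG='- fix CVE-2022-46340 (bsc#1205874)
- fix CVE-2022-46341 (bsc#1205877)
- fix CVE-2022-46342 (bsc#1205879), CVE-2022-46343 (bsc#1205878)
- fix CVE-2022-46344 (bsc#1205876)
- unrelated entry mentioning CVE-2022-4283X'

# missing_cves: read changelog text on stdin and print the advisory CVE ids
# it does not mention (space separated; empty output means none are missing).
missing_cves() {
    mc_text=$(cat)
    mc_missing=""
    for mc_cve in $ADVISORY_CVES; do
        # -F: match the id literally; -w: whole word only, so a longer id that
        # merely starts with CVE-2022-4283 is not accepted as a match.
        printf '%s\n' "$mc_text" | grep -qwF -- "$mc_cve" ||
            mc_missing="$mc_missing $mc_cve"
    done
    printf '%s' "${mc_missing# }"
}

# check_host: run the check against the installed package (default name is
# the one in the advisory). Returns 0 = all ids found, 1 = some missing,
# 2 = package not installed.
check_host() {
    ch_pkg="${1:-xorg-x11-server}"
    rpm -q "$ch_pkg" >/dev/null 2>&1 || { echo "$ch_pkg: not installed"; return 2; }
    ch_missing=$(rpm -q --changelog "$ch_pkg" | missing_cves)
    if [ -n "$ch_missing" ]; then
        echo "$ch_pkg: changelog lacks $ch_missing; apply the update (zypper patch)"
        return 1
    fi
    echo "$ch_pkg: all advisory CVE ids are referenced in the changelog"
}
```

Source the file and run `check_host` on each affected system; `printf '%s\n' "$SAMPLE_CHANGELOG" | missing_cves` shows the behaviour on the constructed sample.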

References

#1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017

Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344

CVSS scores:

CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

SUSE Enterprise Storage 7

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise Deskt...

Severity
important

Announcement ID: SUSE-SU-2022:4480-1
Rating: important
