Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:4136-2 Final 1 1 2022-02-17T07:41:03Z current 2022-02-17T07:41:03Z 2022-02-17T07:41:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-EC2-HVM-2021-4136,Image SLES15-SP3-SAP-Azure-2021-4136,Image SLES15-SP3-SAP-EC2-HVM-2021-4136,Image SLES15-SP3-SAP-GCE-2021-4136,Image SLES15-SP3-SAPCAL-Azure-2021-4136,Image SLES15-SP3-SAPCAL-EC2-HVM-2021-4136,Image SLES15-SP3-SAPCAL-GCE-2021-4136,SUSE-2021-4136,SUSE-SLE-Product-RT-15-SP2-2022-465 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20214136-2/ Link for SUSE-SU-2021:4136-2 https://lists.suse.com/pipermail/sle-security-updates/2022-February/010237.html E-Mail link for SUSE-SU-2021:4136-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1190487 SUSE Bug 1190487 https://bugzilla.suse.com/1190488 SUSE Bug 1190488 https://bugzilla.suse.com/1190489 SUSE Bug 1190489 https://www.suse.com/security/cve/CVE-2021-4009/ SUSE CVE CVE-2021-4009 page https://www.suse.com/security/cve/CVE-2021-4010/ SUSE CVE CVE-2021-4010 page https://www.suse.com/security/cve/CVE-2021-4011/ SUSE CVE CVE-2021-4011 page Image SLES15-SP3-EC2-HVM Image SLES15-SP3-SAP-Azure Image SLES15-SP3-SAP-EC2-HVM Image SLES15-SP3-SAP-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE SUSE Linux Enterprise Real Time 15 SP2 xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 xorg-x11-server-source-1.20.3-22.5.42.1 xorg-x11-server-wayland-1.20.3-22.5.42.1 xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-EC2-HVM xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAP-Azure xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAP-EC2-HVM xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAP-GCE xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAPCAL-Azure xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM xorg-x11-server-1.20.3-22.5.42.1 as a component of Image SLES15-SP3-SAPCAL-GCE xorg-x11-server-1.20.3-22.5.42.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 xorg-x11-server-extra-1.20.3-22.5.42.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 xorg-x11-server-sdk-1.20.3-22.5.42.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-4009 Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-GCE:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-extra-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-sdk-1.20.3-22.5.42.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214136-2/ https://www.suse.com/security/cve/CVE-2021-4009.html CVE-2021-4009 https://bugzilla.suse.com/1190487 SUSE Bug 1190487 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-4010 Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-GCE:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-extra-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-sdk-1.20.3-22.5.42.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214136-2/ https://www.suse.com/security/cve/CVE-2021-4010.html CVE-2021-4010 https://bugzilla.suse.com/1190488 SUSE Bug 1190488 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-4011 Image SLES15-SP3-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAP-GCE:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-Azure:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xorg-x11-server-1.20.3-22.5.42.1 Image SLES15-SP3-SAPCAL-GCE:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-extra-1.20.3-22.5.42.1 SUSE Linux Enterprise Real Time 15 SP2:xorg-x11-server-sdk-1.20.3-22.5.42.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214136-2/ https://www.suse.com/security/cve/CVE-2021-4011.html CVE-2021-4011 https://bugzilla.suse.com/1190489 SUSE Bug 1190489 https://bugzilla.suse.com/1196656 SUSE Bug 1196656