Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0655-1 Final 1 1 2023-03-08T09:22:22Z current 2023-03-08T09:22:22Z 2023-03-08T09:22:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-655,SUSE-OpenStack-Cloud-9-2023-655,SUSE-OpenStack-Cloud-Crowbar-9-2023-655,SUSE-SLE-SAP-12-SP4-2023-655,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-655,SUSE-SLE-SERVER-12-SP4-LTSS-2023-655 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230655-1/ Link for SUSE-SU-2023:0655-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013992.html E-Mail link for SUSE-SU-2023:0655-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205874 SUSE Bug 1205874 https://www.suse.com/security/cve/CVE-2022-46340/ SUSE CVE CVE-2022-46340 page SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 xorg-x11-server-1.19.6-4.45.1 xorg-x11-server-extra-1.19.6-4.45.1 xorg-x11-server-sdk-1.19.6-4.45.1 xorg-x11-server-source-1.19.6-4.45.1 xorg-x11-server-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS xorg-x11-server-extra-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS xorg-x11-server-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xorg-x11-server-extra-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xorg-x11-server-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xorg-x11-server-extra-1.19.6-4.45.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xorg-x11-server-1.19.6-4.45.1 as a component of SUSE OpenStack Cloud 9 xorg-x11-server-extra-1.19.6-4.45.1 as a component of SUSE OpenStack Cloud 9 xorg-x11-server-1.19.6-4.45.1 as a component of SUSE OpenStack Cloud Crowbar 9 xorg-x11-server-extra-1.19.6-4.45.1 as a component of SUSE OpenStack Cloud Crowbar 9 A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. CVE-2022-46340 SUSE Linux Enterprise Server 12 SP4-ESPOS:xorg-x11-server-1.19.6-4.45.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:xorg-x11-server-extra-1.19.6-4.45.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xorg-x11-server-1.19.6-4.45.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xorg-x11-server-extra-1.19.6-4.45.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xorg-x11-server-1.19.6-4.45.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xorg-x11-server-extra-1.19.6-4.45.1 SUSE OpenStack Cloud 9:xorg-x11-server-1.19.6-4.45.1 SUSE OpenStack Cloud 9:xorg-x11-server-extra-1.19.6-4.45.1 SUSE OpenStack Cloud Crowbar 9:xorg-x11-server-1.19.6-4.45.1 SUSE OpenStack Cloud Crowbar 9:xorg-x11-server-extra-1.19.6-4.45.1 important 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230655-1/ https://www.suse.com/security/cve/CVE-2022-46340.html CVE-2022-46340 https://bugzilla.suse.com/1205874 SUSE Bug 1205874 https://bugzilla.suse.com/1206822 SUSE Bug 1206822 https://bugzilla.suse.com/1208344 SUSE Bug 1208344 https://bugzilla.suse.com/1208653 SUSE Bug 1208653