Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading to out of
bounds memory write. (bsc#1190487)
- CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension
does not properly validate the request length leading to out of
bounds memory write. (bsc#1190488)
- CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write. (bsc#1190489)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Stefan Dirsch (sndirsch)
Fixed bugs
bnc#1190489
VUL-0: CVE-2021-4011: xorg-x11-server: SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability (ZDI-CAN-14952)
bnc#1190487
VUL-0: CVE-2021-4009: xorg-x11-server: SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability (ZDI-CAN-14950)
bnc#1190488
VUL-0: CVE-2021-4010: xorg-x11-server: SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability (ZDI-CAN-14951)
