Overview

Request 940574 superseded

- U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
* CVE-2021-4009/ZDI-CAN-14950 (bsc#1190487)
The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading
to out of bounds memory write.
- U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
* CVE-2021-4010/ZDI-CAN-14951 (bsc#1190488)
The handler for the Suspend request of the Screen Saver extension
does not properly validate the request length leading to out of
bounds memory write.
- U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
* CVE-2021-4011/ZDI-CAN-14952 (bsc#1190489)
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.

- U_rendercompositeglyphs.patch
* X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access
Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192]
(boo#1193030)

Request History
Stefan Dirsch's avatar

sndirsch created request

- U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
* CVE-2021-4009/ZDI-CAN-14950 (bsc#1190487)
The handler for the CreatePointerBarrier request of the XFixes
extension does not properly validate the request length leading
to out of bounds memory write.
- U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
* CVE-2021-4010/ZDI-CAN-14951 (bsc#1190488)
The handler for the Suspend request of the Screen Saver extension
does not properly validate the request length leading to out of
bounds memory write.
- U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
* CVE-2021-4011/ZDI-CAN-14952 (bsc#1190489)
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.

- U_rendercompositeglyphs.patch
* X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access
Privilege Escalation Vulnerability [CVE-2021-4008, ZDI-CAN-14192]
(boo#1193030)

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Dominique Leuenberger's avatar

dimstar_suse set openSUSE:Factory:Staging:E as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:E"

Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:E"

Dominique Leuenberger's avatar

dimstar accepted review

Stefan Dirsch's avatar

sndirsch superseded request

superseded by 940758

openSUSE Build Service is sponsored by
Places