Bug 1194179 (CVE-2022-2319)

Summary: VUL-0: CVE-2022-2319: ZDI-CAN-16062: xorg-x11-server: OOB access in _CheckSetSections()
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Leroy <thomas.leroy>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, meissner, sndirsch, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/319297/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: 0001-xkb-add-request-length-validation-for-XkbSetGeometry.patch

Description Thomas Leroy 2021-12-30 13:43:24 UTC
-- ABSTRACT -------------------------------------

Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products:
X.Org - Server

-- VULNERABILITY DETAILS ------------------------
* Version tested: 1.20.11
* Installer file: debian-live-11.1.0-amd64-xfce.iso
* Platform tested: debian-live-11.1.0-amd64-xfce

---

### Analysis

```
The exploit does not work if the OS is installed on VMware or on VirtualBox with default settings.
It works on VirtualBox with the VBoxVGA graphics controller.

An out-of-bounds (OOB) access bug exists in the X server, in _CheckSetSections():
https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/xkb/xkb.c#L5332
The exploit uses a pixmap spray to achieve arbitrary read/write.
This leads to local privilege escalation (LPE) on some distributions (Xorg in Debian Xfce runs as root under specific display drivers) and to remote code execution (RCE) in SSH X11-forwarding environments.
```

~~~C++
/*
 * Request handler for XkbSetGeometry, as excerpted in the report.
 * Entry point of the call chain (1) -> (2) -> (3) that reaches
 * _CheckSetSections(). The tail of the function is elided ("...").
 */
int
ProcXkbSetGeometry(ClientPtr client)
{
        DeviceIntPtr dev; int rc;
        REQUEST(xkbSetGeometryReq);
        /* Only a minimum-size ("at least") check is visible here; nothing in
         * this excerpt bounds the variable-length payload that follows the
         * fixed xkbSetGeometryReq header. */
        REQUEST_AT_LEAST_SIZE(xkbSetGeometryReq);
        if (!(client->xkbClientFlags & _XkbClientInitialized))
                return BadAccess;
        CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixManageAccess);
        CHK_ATOM_OR_NONE(stuff->name);
        rc = _XkbSetGeometry(client, dev, stuff);               // (1) the request is handed on without a payload length check
...
}

/*
 * Installs a new geometry on the device's XKB description from the request.
 * The previous geometry is kept in `old` so it can be restored when
 * _CheckSetGeom() rejects the request. Parts of the body are elided ("...").
 */
static int
_XkbSetGeometry(ClientPtr client, DeviceIntPtr dev, xkbSetGeometryReq * stuff)
{
        XkbDescPtr xkb;
        Bool new_name; xkbNewKeyboardNotify nkn;
        XkbGeometryPtr geom, old;
        XkbGeometrySizesRec sizes;
        Status status;

        /* Remember the current geometry, then detach it from the description. */
        xkb = dev->key->xkbInfo->desc; old = xkb->geom;
        xkb->geom = NULL;
        ...
        geom = xkb->geom;
        /* Header fields are copied straight from the request. */
        geom->name = stuff->name;
        geom->width_mm = stuff->widthMM;
        geom->height_mm = stuff->heightMM;
        if ((status = _CheckSetGeom(geom, stuff, client)) != Success) { // (2) parses the request payload
                /* Roll back: free the partly built geometry, restore the old one. */
                XkbFreeGeometry(geom, XkbGeomAllMask, TRUE);
                xkb->geom = old;
                return status;
        }
...
}

/*
 * Parses the geometry payload of the request; only the call into
 * _CheckSetSections() is shown, the rest is elided ("..."). The `wire`
 * cursor passed by address is declared in the elided part.
 */
static Status
_CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
{
...
        if ((status = _CheckSetSections(geom, req, &wire, client)) != Success) // (3) section parsing; advances `wire`
                return status;
...
}

/*
 * Walks the section descriptors of an XkbSetGeometry request, starting at
 * *wire_inout and writing the advanced cursor back on success.
 *
 * Layout as traversed below: req->nSections sections, each followed by
 * sWire->nRows rows, each row followed by rWire->nKeys keys. All three
 * counts are read from the client's request, and no statement in this
 * excerpt compares the cursor with the end of the request buffer.
 *
 * When client->swapped is set, swapl()/swaps() modify the fields in place,
 * so a cursor that has run past the request turns into an out-of-bounds
 * write; the debug log in this report shows the adjacent heap chunk being
 * changed by the swap. Per the patch attached to this bug, the fix adds
 * request-length validation using _XkbCheckRequestBounds().
 *
 * Lines reading "..." are elided in the report.
 */
static Status
_CheckSetSections(XkbGeometryPtr geom,
                  xkbSetGeometryReq * req, char **wire_inout, ClientPtr client)
{
    Status status;
    register int s;
    char *wire;
    xkbSectionWireDesc *sWire;
    XkbSectionPtr section;

    wire = *wire_inout;
    if (req->nSections < 1)
        return Success;
    sWire = (xkbSectionWireDesc *) wire;
    for (s = 0; s < req->nSections; s++) {              // (4) req->nSections is client-controlled and is not validated against the request length
        register int r;
        xkbRowWireDesc *rWire;

        if (client->swapped) {
            swapl(&sWire->name);                                // (5) OOB access: in-place swap through a cursor that may be past the request
            swaps(&sWire->top);
            swaps(&sWire->left);
            swaps(&sWire->width);
            swaps(&sWire->height);
            swaps(&sWire->angle);
        }
        CHK_ATOM_ONLY(sWire->name);
                ...
        /* Rows start immediately after the section descriptor. */
        rWire = (xkbRowWireDesc *) &sWire[1];
        for (r = 0; r < sWire->nRows; r++) {    // (4) sWire->nRows is client-controlled and is not validated
            register int k;
            XkbRowPtr row;
            xkbKeyWireDesc *kWire;

            if (client->swapped) {
                swaps(&rWire->top);                             // (5) OOB access: same in-place swap, at row level
                swaps(&rWire->left);
            }
                        ...
            /* Keys start immediately after the row descriptor. */
            kWire = (xkbKeyWireDesc *) &rWire[1];
            for (k = 0; k < rWire->nKeys; k++) {                // (4) rWire->nKeys is client-controlled and is not validated
                XkbKeyPtr key;
                                ...
            }
            /* The next row is located by skipping nKeys key records, so an
             * oversized nKeys moves the cursor by a client-chosen distance. */
            rWire = (xkbRowWireDesc *) &kWire[rWire->nKeys];
        }
        wire = (char *) rWire;
                ...
        sWire = (xkbSectionWireDesc *) wire;
    }
    wire = (char *) sWire;
    *wire_inout = wire;
    return Success;
}
~~~

debug log
```
(gdb) b *0x559599821000+0x15924B
Breakpoint 1 at 0x55959997a24b
(gdb) b *0x559599821000+0x159304
Breakpoint 2 at 0x55959997a304
(gdb) c
Continuing.

Thread 1 "Xorg" hit Breakpoint 1, 0x000055959997a24b in ?? ()
(gdb) x/10i $pc
=> 0x55959997a24b:      mov    DWORD PTR [r15],edi                      // swapl(&sWire->name);
   0x55959997a24e:      rol    WORD PTR [r15+0x4],0x8
   0x55959997a254:      rol    WORD PTR [r15+0x6],0x8
   0x55959997a25a:      rol    WORD PTR [r15+0x8],0x8
   0x55959997a260:      rol    WORD PTR [r15+0xa],0x8
   0x55959997a266:      rol    WORD PTR [r15+0xc],0x8
   0x55959997a26c:      test   edi,edi
   0x55959997a26e:      je     0x55959997a634
   0x55959997a274:      call   0x55959986a340 <ValidAtom>
   0x55959997a279:      test   eax,eax
(gdb) x/64xb $r15
0x5595a0b65848: 0x00    0x00    0x00    0x01    0x00    0x00    0x00    0x00
0x5595a0b65850: 0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x02
0x5595a0b65858: 0x00    0x01    0x00    0x00    0x00    0x00    0x00    0x00
0x5595a0b65860: 0x03    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x5595a0b65868: 0xa1    0x02    0x01    0x00    0x00    0x00    0x00    0x00
0x5595a0b65870: 0x01    0x00    0x01    0x01    0x80    0x08    0x80    0x03
0x5595a0b65878: 0x00    0x00    0x00    0x00    0x40    0x00    0x40    0x20
0x5595a0b65880: 0x70    0x3f    0x62    0x9b    0x95    0x55    0x00    0x00
(gdb) x/10xg 0x5595a0b65860
0x5595a0b65860: 0x0000000000000003      0x00000000000102a1
0x5595a0b65870: 0x0380088001010001      0x2040004000000000              // next chunk body
0x5595a0b65880: 0x000055959b623f70      0x0000000000001a66
0x5595a0b65890: 0x00005595a0b658b8      0x0000000800000001
0x5595a0b658a0: 0x00005595a0b65908      0x0000000000000000
(gdb) c
Continuing.

Thread 1 "Xorg" hit Breakpoint 2, 0x000055959997a304 in ?? ()
(gdb) x/10i $pc
=> 0x55959997a304:      rol    WORD PTR [rbx],0x8                               // swaps(&rWire->top);
   0x55959997a308:      rol    WORD PTR [rbx+0x2],0x8
   0x55959997a30d:      movzx  esi,BYTE PTR [rbx+0x4]
   0x55959997a311:      mov    rdi,r13
   0x55959997a314:      call   0x5595999a2b40
   0x55959997a319:      mov    rbp,rax
   0x55959997a31c:      test   rax,rax
   0x55959997a31f:      je     0x55959997a3b0
   0x55959997a325:      movzx  eax,WORD PTR [rbx]
   0x55959997a328:      mov    WORD PTR [rbp+0x0],ax
(gdb) i r $rbx
rbx            0x5595a0b6585c      94101134792796
(gdb) c
Continuing.

Thread 1 "Xorg" hit Breakpoint 2, 0x000055959997a304 in ?? ()
(gdb) i r $rbx
rbx            0x5595a0b6587c      94101134792828
(gdb) si
0x000055959997a308 in ?? ()
(gdb) si
0x000055959997a30d in ?? ()
(gdb) x/10xg 0x5595a0b65860
0x5595a0b65860: 0x0000000000000003      0x00000000000102a1
0x5595a0b65870: 0x0380088001010001      0x4020400000000000              // next chunk body is corrupted by swap()
0x5595a0b65880: 0x000055959b623f70      0x0000000000001a66
0x5595a0b65890: 0x00005595a0b658b8      0x0000000800000001
0x5595a0b658a0: 0x00005595a0b65908      0x0000000000000000
(gdb) bt
#0  0x000055959997a30d in ?? ()
#1  0x00005595999831dc in ?? ()
#2  0x000055959987c544 in ?? ()
#3  0x0000559599880544 in ?? ()
#4  0x00007f6ee51efd0a in __libc_start_main (main=0x559599869ca0, argc=10, argv=0x7ffc117933f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc117933e8) at ../csu/libc-start.c:308
#5  0x0000559599869cda in _start ()
(gdb) c
Continuing.

Thread 1 "Xorg" received signal SIGSEGV, Segmentation fault.
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:333
333     ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:333
#1  0x00007f6ee464fc61 in fbBlt () from /usr/lib/xorg/modules/libfb.so
#2  0x00007f6ee4650a26 in fbBltStip () from /usr/lib/xorg/modules/libfb.so
#3  0x00007f6ee4654ef0 in fbGetImage () from /usr/lib/xorg/modules/libfb.so
#4  0x00005595999cd488 in ?? ()
#5  0x0000559599906ad5 in ?? ()
#6  0x000055959987952b in ?? ()
#7  0x000055959987c544 in ?? ()
#8  0x0000559599880544 in ?? ()
#9  0x00007f6ee51efd0a in __libc_start_main (main=0x559599869ca0, argc=10, argv=0x7ffc117933f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc117933e8) at ../csu/libc-start.c:308
#10 0x0000559599869cda in _start ()
(gdb)
```

-- CVSS -----------------------------------------

7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

-- CREDIT ---------------------------------------
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

-- FURTHER DETAILS ------------------------------

The PGP key used for all ZDI vendor communications is available from:

  http://www.zerodayinitiative.com/documents/disclosures-pgp-key.asc


-- DISCLOSURE POLICY ----------------------------

Our vulnerability disclosure policy is available online at:

  http://www.zerodayinitiative.com/advisories/disclosure_policy/
Comment 4 Thomas Leroy 2022-01-04 14:46:42 UTC
Affected codestreams:
- SUSE:SLE-11-SP1:Update	7.4-27.40.79.27.1	
- SUSE:SLE-11-SP3:Update	7.4-27.122.40.1	
- SUSE:SLE-12-SP2:Update 	7.6_1.18.3-76.40.1	
- SUSE:SLE-12-SP4:Update 	1.19.6-4.22.1	
- SUSE:SLE-12-SP5:Update	1.19.6-10.23.1	
- SUSE:SLE-15:Update 		1.19.6
- SUSE:SLE-15-SP1:Update 	1.20.3-14.5.16.1	
- SUSE:SLE-15-SP2:Update 	1.20.3-22.5.36.1
- openSUSE:Leap:15.3:Update     1.20.3
- openSUSE:Factory              21.1.2
Comment 5 Stefan Dirsch 2022-04-04 16:46:43 UTC
Is there already a proposal for a fix available?
Comment 6 Thomas Leroy 2022-04-05 08:12:07 UTC
(In reply to Stefan Dirsch from comment #5)
> Is there already a proposal for a fix available?

I can't find anything either; we have received nothing from upstream or from ZDI. I will let you know once we have further information.
Comment 7 Stefan Dirsch 2022-04-05 10:42:56 UTC
Thanks for checking. I'll ask again in time for CRD. ;-)
Comment 8 Gabriele Sonnu 2022-04-12 13:42:34 UTC
SUSE:SLE-15-SP4:Update is also affected
Comment 9 Stefan Dirsch 2022-04-28 08:52:49 UTC
Patches are still pending ...
Comment 10 Stefan Dirsch 2022-05-13 19:22:28 UTC
Hmm. This is long overdue. Still no patches available ... can you ask again?
Comment 11 Marcus Meissner 2022-07-06 07:03:30 UTC
There is now hurried patch development. We will update the bug further.
CVE is CVE-2022-2319
Comment 12 Marcus Meissner 2022-07-06 07:13:29 UTC
CRD: 2022-07-12 12:00 UTC
Comment 13 Marcus Meissner 2022-07-06 07:17:44 UTC
Created attachment 860031 [details]
0001-xkb-add-request-length-validation-for-XkbSetGeometry.patch

From: Peter Hutterer <peter.hutterer@redhat.com>                                                                                                                                             

Please see v2 of the patch attached. Note that this patch requires the 
below MR (in particular the last commit from that MR): 
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/933

This version uses the existing _XkbCheckRequestBounds() function for 
bounds checking, bringing it more in line with the other request handlers.

Cheers,
   Peter
Comment 16 Stefan Dirsch 2022-07-06 15:58:31 UTC
I have issues with 

  SUSE:SLE-12-SP2:Update/xorg-x11-server

When branching this. I don't have any build repositories defined. So I can't test the build.
Comment 17 Stefan Dirsch 2022-07-06 16:05:35 UTC
(In reply to Stefan Dirsch from comment #16)
> I have issues with 
> 
>   SUSE:SLE-12-SP2:Update/xorg-x11-server
> 
> When branching this. I don't have any build repositories defined. So I can't
> test the build.

Forget about this one. Was my fault. I checked this out years ago it seems.
Comment 20 Stefan Dirsch 2022-07-07 09:18:44 UTC
(In reply to Thomas Leroy from comment #4)
> Affected codestreams:
> - SUSE:SLE-11-SP1:Update	7.4-27.40.79.27.1	

rejected because product end-of-life

> - SUSE:SLE-11-SP3:Update	7.4-27.122.40.1	
> - SUSE:SLE-12-SP2:Update 	7.6_1.18.3-76.40.1	
> - SUSE:SLE-12-SP4:Update 	1.19.6-4.22.1	
> - SUSE:SLE-12-SP5:Update	1.19.6-10.23.1	
> - SUSE:SLE-15:Update 		1.19.6
> - SUSE:SLE-15-SP1:Update 	1.20.3-14.5.16.1	
> - SUSE:SLE-15-SP2:Update 	1.20.3-22.5.36.1

submitted and already checked in. Can be QA'ed.

> - openSUSE:Leap:15.3:Update     1.20.3

Need to check this still. Patches should be identical to SUSE:SLE-15-SP2:Update.

> - openSUSE:Factory              21.1.2

Prepared. I'll submit this on CRD or the day after. Once I've seen the official announcement.
Comment 21 Stefan Dirsch 2022-07-07 09:25:39 UTC
(In reply to Stefan Dirsch from comment #20)
> > - openSUSE:Leap:15.3:Update     1.20.3
> 
> Need to check this still. Patches should be identical to
> SUSE:SLE-15-SP2:Update.

Sources are identical

# iosc rdiff SUSE:SLE-15-SP2:Update xorg-x11-server  openSUSE.org:openSUSE:Leap:15.3:Update xorg-x11-server
#

And sources of openSUSE:Leap:15.3:Update are inherited from SUSE:SLE-15-SP2:Update.

# osc branch openSUSE:Leap:15.3:Update xorg-x11-server

Note: The branch has been created of a different project,
              SUSE:SLE-15-SP2:Update,
      which is the primary location of where development for
      that package takes place.
      That's also where you would normally make changes against.
      A direct branch of the specified package can be forced
      with the --nodevelproject option.

A working copy of the branched package can be checked out with:

osc co home:sndirsch:branches:SUSE:SLE-15-SP2:Update/xorg-x11-server

==> So nothing more to do here.
Comment 22 Marcus Meissner 2022-07-12 13:22:01 UTC
Subject: X.Org Security Advisory: July 12, 2022
Date: Tue, 12 Jul 2022 15:55:05 +0300
From: Povilas Kanapickas <povilas@radix.lt>

...

X.Org Security Advisory: July 12, 2022

Multiple input validation failures in X server extensions
=========================================================

All these issues can lead to local privilege elevation on systems
where the X server is running privileged, and to remote code execution for
ssh X forwarding sessions.

* CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access

The handler for the ProcXkbSetGeometry request of the Xkb extension does
not properly validate the request length, leading to an out-of-bounds memory
write.
Comment 23 Stefan Dirsch 2022-07-12 13:32:55 UTC
Thanks. Now also checked into devel project (X11:XOrg/xorg-x11-server) and submitted to factory/TW.

https://build.opensuse.org/request/show/988635

Reassigning to security team.
Comment 24 Swamp Workflow Management 2022-07-12 19:15:43 UTC
SUSE-SU-2022:2373-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xorg-x11-server-1.19.6-10.32.1
SUSE Linux Enterprise Server 12-SP5 (src):    xorg-x11-server-1.19.6-10.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-07-12 19:16:26 UTC
SUSE-SU-2022:2370-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1194179,1194181,1200076
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    xorg-x11-server-1.20.3-150400.38.5.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    xorg-x11-server-1.20.3-150400.38.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    xorg-x11-server-1.20.3-150400.38.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-07-12 19:17:13 UTC
SUSE-SU-2022:2369-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xorg-x11-server-1.19.6-4.31.1
SUSE OpenStack Cloud 9 (src):    xorg-x11-server-1.19.6-4.31.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xorg-x11-server-1.19.6-4.31.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xorg-x11-server-1.19.6-4.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-07-12 19:17:58 UTC
SUSE-SU-2022:2371-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    xorg-x11-server-1.19.6-150000.8.39.1
SUSE Linux Enterprise Server 15-LTSS (src):    xorg-x11-server-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    xorg-x11-server-1.19.6-150000.8.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    xorg-x11-server-1.19.6-150000.8.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2022-07-12 19:18:37 UTC
SUSE-SU-2022:2372-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xorg-x11-server-7.6_1.18.3-76.49.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xorg-x11-server-7.6_1.18.3-76.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2022-07-12 19:19:30 UTC
SUSE-SU-2022:2375-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
openSUSE Leap 15.3 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Manager Server 4.1 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Manager Retail Branch Server 4.1 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Manager Proxy 4.1 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    xorg-x11-server-1.20.3-150200.22.5.55.1
SUSE Enterprise Storage 7 (src):    xorg-x11-server-1.20.3-150200.22.5.55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2022-07-12 19:20:15 UTC
SUSE-SU-2022:2374-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1194179,1194181
CVE References: CVE-2022-2319,CVE-2022-2320
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE Enterprise Storage 6 (src):    xorg-x11-server-1.20.3-150100.14.5.25.1
SUSE CaaS Platform 4.0 (src):    xorg-x11-server-1.20.3-150100.14.5.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Marcus Meissner 2022-09-12 08:31:34 UTC
done