Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:4070-1 Final 1 1 2021-12-14T13:57:00Z current 2021-12-14T13:57:00Z 2021-12-14T13:57:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-4070 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDLLTDD27WXQ6WFOOCQT3PBFXVFGSQA5/ E-Mail link for openSUSE-SU-2021:4070-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1193030 SUSE Bug 1193030 https://www.suse.com/security/cve/CVE-2021-4008/ SUSE CVE CVE-2021-4008 page openSUSE Leap 15.3 xorg-x11-server-1.20.3-22.5.39.1 xorg-x11-server-extra-1.20.3-22.5.39.1 xorg-x11-server-sdk-1.20.3-22.5.39.1 xorg-x11-server-source-1.20.3-22.5.39.1 xorg-x11-server-wayland-1.20.3-22.5.39.1 xorg-x11-server-1.20.3-22.5.39.1 as a component of openSUSE Leap 15.3 xorg-x11-server-extra-1.20.3-22.5.39.1 as a component of openSUSE Leap 15.3 xorg-x11-server-sdk-1.20.3-22.5.39.1 as a component of openSUSE Leap 15.3 xorg-x11-server-source-1.20.3-22.5.39.1 as a component of openSUSE Leap 15.3 xorg-x11-server-wayland-1.20.3-22.5.39.1 as a component of openSUSE Leap 15.3 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-4008 openSUSE Leap 15.3:xorg-x11-server-1.20.3-22.5.39.1 openSUSE Leap 15.3:xorg-x11-server-extra-1.20.3-22.5.39.1 openSUSE Leap 15.3:xorg-x11-server-sdk-1.20.3-22.5.39.1 openSUSE Leap 15.3:xorg-x11-server-source-1.20.3-22.5.39.1 openSUSE Leap 15.3:xorg-x11-server-wayland-1.20.3-22.5.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDLLTDD27WXQ6WFOOCQT3PBFXVFGSQA5/ https://www.suse.com/security/cve/CVE-2021-4008.html CVE-2021-4008 https://bugzilla.suse.com/1193030 SUSE Bug 1193030 https://bugzilla.suse.com/1194308 SUSE Bug 1194308 https://bugzilla.suse.com/1196656 SUSE Bug 1196656