Security update for xwayland SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0654-1 Final 1 1 2023-03-08T09:03:49Z current 2023-03-08T09:03:49Z 2023-03-08T09:03:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xwayland This update for xwayland fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-654,SUSE-SLE-Product-WE-15-SP4-2023-654,openSUSE-SLE-15.4-2023-654 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230654-1/ Link for SUSE-SU-2023:0654-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013993.html E-Mail link for SUSE-SU-2023:0654-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205874 SUSE Bug 1205874 https://www.suse.com/security/cve/CVE-2022-46340/ SUSE CVE CVE-2022-46340 page SUSE Linux Enterprise Workstation Extension 15 SP4 openSUSE Leap 15.4 xwayland-21.1.4-150400.3.12.1 xwayland-devel-21.1.4-150400.3.12.1 xwayland-21.1.4-150400.3.12.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 xwayland-21.1.4-150400.3.12.1 as a component of openSUSE Leap 15.4 xwayland-devel-21.1.4-150400.3.12.1 as a component of openSUSE Leap 15.4 A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. CVE-2022-46340 SUSE Linux Enterprise Workstation Extension 15 SP4:xwayland-21.1.4-150400.3.12.1 openSUSE Leap 15.4:xwayland-21.1.4-150400.3.12.1 openSUSE Leap 15.4:xwayland-devel-21.1.4-150400.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230654-1/ https://www.suse.com/security/cve/CVE-2022-46340.html CVE-2022-46340 https://bugzilla.suse.com/1205874 SUSE Bug 1205874 https://bugzilla.suse.com/1206822 SUSE Bug 1206822 https://bugzilla.suse.com/1208344 SUSE Bug 1208344 https://bugzilla.suse.com/1208653 SUSE Bug 1208653