Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:1675-1 Final 1 1 2023-03-29T13:34:12Z current 2023-03-29T13:34:12Z 2023-03-29T13:34:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP4-SAP-2023-1675,Image SLES15-SP4-SAP-Azure-2023-1675,Image SLES15-SP4-SAP-EC2-2023-1675,Image SLES15-SP4-SAP-GCE-2023-1675,Image SLES15-SP4-SAPCAL-2023-1675,Image SLES15-SP4-SAPCAL-Azure-2023-1675,Image SLES15-SP4-SAPCAL-EC2-2023-1675,Image SLES15-SP4-SAPCAL-GCE-2023-1675,SUSE-2023-1675,SUSE-SLE-Module-Basesystem-15-SP4-2023-1675,SUSE-SLE-Module-Development-Tools-15-SP4-2023-1675,openSUSE-SLE-15.4-2023-1675 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20231675-1/ Link for SUSE-SU-2023:1675-1 https://lists.suse.com/pipermail/sle-updates/2023-March/028473.html E-Mail link for SUSE-SU-2023:1675-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1209543 SUSE Bug 1209543 https://www.suse.com/security/cve/CVE-2023-1393/ SUSE CVE CVE-2023-1393 page Image SLES15-SP4-SAP Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-EC2 Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAPCAL Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-EC2 Image SLES15-SP4-SAPCAL-GCE SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 openSUSE Leap 15.4 xorg-x11-server-1.20.3-150400.38.22.1 xorg-x11-server-extra-1.20.3-150400.38.22.1 xorg-x11-server-sdk-1.20.3-150400.38.22.1 xorg-x11-server-source-1.20.3-150400.38.22.1 xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAP xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAP-Azure xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAP-EC2 xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAP-GCE xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAPCAL xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAPCAL-Azure xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAPCAL-EC2 xorg-x11-server-1.20.3-150400.38.22.1 as a component of Image SLES15-SP4-SAPCAL-GCE xorg-x11-server-1.20.3-150400.38.22.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 xorg-x11-server-extra-1.20.3-150400.38.22.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 xorg-x11-server-sdk-1.20.3-150400.38.22.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 xorg-x11-server-1.20.3-150400.38.22.1 as a component of openSUSE Leap 15.4 xorg-x11-server-extra-1.20.3-150400.38.22.1 as a component of openSUSE Leap 15.4 xorg-x11-server-sdk-1.20.3-150400.38.22.1 as a component of openSUSE Leap 15.4 xorg-x11-server-source-1.20.3-150400.38.22.1 as a component of openSUSE Leap 15.4 A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. CVE-2023-1393 Image SLES15-SP4-SAP-Azure:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAP-EC2:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAP-GCE:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAP:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAPCAL-Azure:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAPCAL-EC2:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAPCAL-GCE:xorg-x11-server-1.20.3-150400.38.22.1 Image SLES15-SP4-SAPCAL:xorg-x11-server-1.20.3-150400.38.22.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:xorg-x11-server-1.20.3-150400.38.22.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:xorg-x11-server-extra-1.20.3-150400.38.22.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:xorg-x11-server-sdk-1.20.3-150400.38.22.1 openSUSE Leap 15.4:xorg-x11-server-1.20.3-150400.38.22.1 openSUSE Leap 15.4:xorg-x11-server-extra-1.20.3-150400.38.22.1 openSUSE Leap 15.4:xorg-x11-server-sdk-1.20.3-150400.38.22.1 openSUSE Leap 15.4:xorg-x11-server-source-1.20.3-150400.38.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20231675-1/ https://www.suse.com/security/cve/CVE-2023-1393.html CVE-2023-1393 https://bugzilla.suse.com/1209543 SUSE Bug 1209543 https://bugzilla.suse.com/1210895 SUSE Bug 1210895 https://bugzilla.suse.com/1211551 SUSE Bug 1211551