Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-2624 (GCVE-0-2017-2624)
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 14:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xorg | xorg-x11-server |
Version: 1.19.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "GLSA-201710-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xorg-x11-server",
"vendor": "Xorg",
"versions": [
{
"status": "affected",
"version": "1.19.0"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"name": "1037919",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "GLSA-201710-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"name": "96480",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2624",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:06.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-2624\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-27T18:29:00.827\",\"lastModified\":\"2024-11-21T03:23:51.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado que xorg-x11-server en versiones anteriores a la 1.19.0 que uttilizan memcmp() para comprobar la cookie MIT recibida contra una serie de cookies v\u00e1lidas. Si la cookie es correcta, se puede adjuntar a la sesi\u00f3n de Xorg. Dado que la mayor\u00eda de las implementaciones de memcmp() retornan despu\u00e9s de que se identifique un byte no v\u00e1lido, esto provoca una diferencia de tiempo entre un byte v\u00e1lido y otro no v\u00e1lido, lo que podr\u00eda permitir un ataque de fuerza bruta eficiente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.19.4\",\"matchCriteriaId\":\"64E6CD72-632E-4DC4-BA49-0F38F433FF8D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96480\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037919\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201704-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-30\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201704-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
fkie_cve-2017-2624
Vulnerability from fkie_nvd
Published
2018-07-27 18:29
Modified
2024-11-21 03:23
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/96480 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1037919 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624 | Exploit, Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c | Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201704-03 | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201710-30 | Third Party Advisory | |
| secalert@redhat.com | https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96480 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037919 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201704-03 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201710-30 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| x.org | xorg-server | * | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64E6CD72-632E-4DC4-BA49-0F38F433FF8D",
"versionEndIncluding": "1.19.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack."
},
{
"lang": "es",
"value": "Se ha encontrado que xorg-x11-server en versiones anteriores a la 1.19.0 que uttilizan memcmp() para comprobar la cookie MIT recibida contra una serie de cookies v\u00e1lidas. Si la cookie es correcta, se puede adjuntar a la sesi\u00f3n de Xorg. Dado que la mayor\u00eda de las implementaciones de memcmp() retornan despu\u00e9s de que se identifique un byte no v\u00e1lido, esto provoca una diferencia de tiempo entre un byte v\u00e1lido y otro no v\u00e1lido, lo que podr\u00eda permitir un ataque de fuerza bruta eficiente."
}
],
"id": "CVE-2017-2624",
"lastModified": "2024-11-21T03:23:51.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-27T18:29:00.827",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2017-2624
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-2624",
"description": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"id": "GSD-2017-2624",
"references": [
"https://www.suse.com/security/cve/CVE-2017-2624.html",
"https://ubuntu.com/security/CVE-2017-2624",
"https://advisories.mageia.org/CVE-2017-2624.html",
"https://packetstormsecurity.com/files/cve/CVE-2017-2624"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-2624"
],
"details": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"id": "GSD-2017-2624",
"modified": "2023-12-13T01:21:05.706351Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.19.0"
}
]
}
}
]
},
"vendor_name": "Xorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-385",
"lang": "eng",
"value": "CWE-385"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/96480",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name": "http://www.securitytracker.com/id/1037919",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "https://security.gentoo.org/glsa/201704-03",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "https://security.gentoo.org/glsa/201710-30",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2624"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"name": "GLSA-201710-30",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"name": "1037919",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name": "96480",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:26Z",
"publishedDate": "2018-07-27T18:29Z"
}
}
}
suse-su-2017:1675-1
Vulnerability from csaf_suse
Published
2017-06-26 08:22
Modified
2017-06-26 08:22
Summary
Security update for xorg-x11-server
Notes
Title of the patch
Security update for xorg-x11-server
Description of the patch
This update for xorg-x11-server provides the following fixes:
- Remove unused function with use-after-free issue. (bsc#1025035)
- Use arc4random to generate cookies. (bsc#1025084)
- Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624)
- XDrawArc performance improvement. (bsc#1019649)
- Re-enable indirect GLX by default. (bsc#1039042)
- Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. (bsc#1032509)
- Fix dashing in GLAMOR. (bsc#1021803)
- Fix X server crash on drawing dashed lines. (bsc#1025985)
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2017-1037,SUSE-SLE-RPI-12-SP2-2017-1037,SUSE-SLE-SDK-12-SP2-2017-1037,SUSE-SLE-SERVER-12-SP2-2017-1037
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xorg-x11-server",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for xorg-x11-server provides the following fixes:\n\n- Remove unused function with use-after-free issue. (bsc#1025035)\n- Use arc4random to generate cookies. (bsc#1025084)\n- Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624)\n- XDrawArc performance improvement. (bsc#1019649)\n- Re-enable indirect GLX by default. (bsc#1039042)\n- Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. (bsc#1032509)\n- Fix dashing in GLAMOR. (bsc#1021803)\n- Fix X server crash on drawing dashed lines. (bsc#1025985)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2017-1037,SUSE-SLE-RPI-12-SP2-2017-1037,SUSE-SLE-SDK-12-SP2-2017-1037,SUSE-SLE-SERVER-12-SP2-2017-1037",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1675-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1675-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171675-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1675-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-June/002980.html"
},
{
"category": "self",
"summary": "SUSE Bug 1019649",
"url": "https://bugzilla.suse.com/1019649"
},
{
"category": "self",
"summary": "SUSE Bug 1021803",
"url": "https://bugzilla.suse.com/1021803"
},
{
"category": "self",
"summary": "SUSE Bug 1025029",
"url": "https://bugzilla.suse.com/1025029"
},
{
"category": "self",
"summary": "SUSE Bug 1025035",
"url": "https://bugzilla.suse.com/1025035"
},
{
"category": "self",
"summary": "SUSE Bug 1025084",
"url": "https://bugzilla.suse.com/1025084"
},
{
"category": "self",
"summary": "SUSE Bug 1025985",
"url": "https://bugzilla.suse.com/1025985"
},
{
"category": "self",
"summary": "SUSE Bug 1032509",
"url": "https://bugzilla.suse.com/1032509"
},
{
"category": "self",
"summary": "SUSE Bug 1039042",
"url": "https://bugzilla.suse.com/1039042"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2624 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2624/"
}
],
"title": "Security update for xorg-x11-server",
"tracking": {
"current_release_date": "2017-06-26T08:22:49Z",
"generator": {
"date": "2017-06-26T08:22:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1675-1",
"initial_release_date": "2017-06-26T08:22:49Z",
"revision_history": [
{
"date": "2017-06-26T08:22:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"product": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"product_id": "xorg-x11-server-7.6_1.18.3-71.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"product": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"product_id": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"product": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"product_id": "xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"product": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"product_id": "xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"product": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"product_id": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"product": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"product_id": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"product": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"product_id": "xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-7.6_1.18.3-71.1.s390x",
"product": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.s390x",
"product_id": "xorg-x11-server-7.6_1.18.3-71.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"product": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"product_id": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"product": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"product_id": "xorg-x11-server-7.6_1.18.3-71.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"product": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"product_id": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64",
"product": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64",
"product_id": "xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le"
},
"product_reference": "xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x"
},
"product_reference": "xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64"
},
"product_reference": "xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2624"
}
],
"notes": [
{
"category": "general",
"text": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2624",
"url": "https://www.suse.com/security/cve/CVE-2017-2624"
},
{
"category": "external",
"summary": "SUSE Bug 1025029 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1025029"
},
{
"category": "external",
"summary": "SUSE Bug 1025639 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1025639"
},
{
"category": "external",
"summary": "SUSE Bug 1035283 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1035283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:xorg-x11-server-extra-7.6_1.18.3-71.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:xorg-x11-server-sdk-7.6_1.18.3-71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-26T08:22:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-2624"
}
]
}
ghsa-6pw7-qhf8-rjff
Vulnerability from github
Published
2022-05-13 01:36
Modified
2022-05-13 01:36
Severity ?
VLAI Severity ?
Details
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
{
"affected": [],
"aliases": [
"CVE-2017-2624"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-27T18:29:00Z",
"severity": "HIGH"
},
"details": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"id": "GHSA-6pw7-qhf8-rjff",
"modified": "2022-05-13T01:36:52Z",
"published": "2022-05-13T01:36:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2624"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2624"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-30"
},
{
"type": "WEB",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037919"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:11525-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
xorg-x11-server-1.20.13-1.2 on GA media
Notes
Title of the patch
xorg-x11-server-1.20.13-1.2 on GA media
Description of the patch
These are all security issues fixed in the xorg-x11-server-1.20.13-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11525
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xorg-x11-server-1.20.13-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xorg-x11-server-1.20.13-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11525",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11525-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6101 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6102 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6103 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1003 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5760 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6427 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6428 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-6429 page",
"url": "https://www.suse.com/security/cve/CVE-2007-6429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0006 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1377 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1379 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2360 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2361 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2362 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10971 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12176 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12187 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13721 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2624 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14665 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14345 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14346 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14347 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14360 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14361 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25712 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3472 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3472/"
}
],
"title": "xorg-x11-server-1.20.13-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11525-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-1.20.13-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-Xvfb-1.20.13-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-extra-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-extra-1.20.13-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-sdk-1.20.13-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-source-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-source-1.20.13-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"product": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"product_id": "xorg-x11-server-wrapper-1.20.13-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-1.20.13-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-extra-1.20.13-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-sdk-1.20.13-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-source-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-source-1.20.13-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"product": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"product_id": "xorg-x11-server-wrapper-1.20.13-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-1.20.13-1.2.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-Xvfb-1.20.13-1.2.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-extra-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-extra-1.20.13-1.2.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-sdk-1.20.13-1.2.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-source-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-source-1.20.13-1.2.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"product": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"product_id": "xorg-x11-server-wrapper-1.20.13-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-1.20.13-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-Xvfb-1.20.13-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-extra-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-extra-1.20.13-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-sdk-1.20.13-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-source-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-source-1.20.13-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-1.20.13-1.2.x86_64",
"product": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.x86_64",
"product_id": "xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-extra-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-extra-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-extra-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-sdk-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-source-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-source-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-source-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-source-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64"
},
"product_reference": "xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le"
},
"product_reference": "xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x"
},
"product_reference": "xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-1.20.13-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
},
"product_reference": "xorg-x11-server-wrapper-1.20.13-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-6101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6101"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6101",
"url": "https://www.suse.com/security/cve/CVE-2006-6101"
},
{
"category": "external",
"summary": "SUSE Bug 225972 for CVE-2006-6101",
"url": "https://bugzilla.suse.com/225972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-6101"
},
{
"cve": "CVE-2006-6102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6102"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6102",
"url": "https://www.suse.com/security/cve/CVE-2006-6102"
},
{
"category": "external",
"summary": "SUSE Bug 225974 for CVE-2006-6102",
"url": "https://bugzilla.suse.com/225974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2006-6102"
},
{
"cve": "CVE-2006-6103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6103"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6103",
"url": "https://www.suse.com/security/cve/CVE-2006-6103"
},
{
"category": "external",
"summary": "SUSE Bug 225975 for CVE-2006-6103",
"url": "https://bugzilla.suse.com/225975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-6103"
},
{
"cve": "CVE-2007-1003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1003"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1003",
"url": "https://www.suse.com/security/cve/CVE-2007-1003"
},
{
"category": "external",
"summary": "SUSE Bug 243978 for CVE-2007-1003",
"url": "https://bugzilla.suse.com/243978"
},
{
"category": "external",
"summary": "SUSE Bug 261141 for CVE-2007-1003",
"url": "https://bugzilla.suse.com/261141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-1003"
},
{
"cve": "CVE-2007-5760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5760"
}
],
"notes": [
{
"category": "general",
"text": "Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5760",
"url": "https://www.suse.com/security/cve/CVE-2007-5760"
},
{
"category": "external",
"summary": "SUSE Bug 345496 for CVE-2007-5760",
"url": "https://bugzilla.suse.com/345496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-5760"
},
{
"cve": "CVE-2007-6427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6427"
}
],
"notes": [
{
"category": "general",
"text": "The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6427",
"url": "https://www.suse.com/security/cve/CVE-2007-6427"
},
{
"category": "external",
"summary": "SUSE Bug 345127 for CVE-2007-6427",
"url": "https://bugzilla.suse.com/345127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-6427"
},
{
"cve": "CVE-2007-6428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6428"
}
],
"notes": [
{
"category": "general",
"text": "The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6428",
"url": "https://www.suse.com/security/cve/CVE-2007-6428"
},
{
"category": "external",
"summary": "SUSE Bug 345128 for CVE-2007-6428",
"url": "https://bugzilla.suse.com/345128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-6428"
},
{
"cve": "CVE-2007-6429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-6429"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-6429",
"url": "https://www.suse.com/security/cve/CVE-2007-6429"
},
{
"category": "external",
"summary": "SUSE Bug 345130 for CVE-2007-6429",
"url": "https://bugzilla.suse.com/345130"
},
{
"category": "external",
"summary": "SUSE Bug 345131 for CVE-2007-6429",
"url": "https://bugzilla.suse.com/345131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-6429"
},
{
"cve": "CVE-2008-0006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0006"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0006",
"url": "https://www.suse.com/security/cve/CVE-2008-0006"
},
{
"category": "external",
"summary": "SUSE Bug 348296 for CVE-2008-0006",
"url": "https://bugzilla.suse.com/348296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-0006"
},
{
"cve": "CVE-2008-1377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1377"
}
],
"notes": [
{
"category": "general",
"text": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1377",
"url": "https://www.suse.com/security/cve/CVE-2008-1377"
},
{
"category": "external",
"summary": "SUSE Bug 374318 for CVE-2008-1377",
"url": "https://bugzilla.suse.com/374318"
},
{
"category": "external",
"summary": "SUSE Bug 374323 for CVE-2008-1377",
"url": "https://bugzilla.suse.com/374323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-1377"
},
{
"cve": "CVE-2008-1379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1379"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1379",
"url": "https://www.suse.com/security/cve/CVE-2008-1379"
},
{
"category": "external",
"summary": "SUSE Bug 374318 for CVE-2008-1379",
"url": "https://bugzilla.suse.com/374318"
},
{
"category": "external",
"summary": "SUSE Bug 374320 for CVE-2008-1379",
"url": "https://bugzilla.suse.com/374320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1379"
},
{
"cve": "CVE-2008-2360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2360"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2360",
"url": "https://www.suse.com/security/cve/CVE-2008-2360"
},
{
"category": "external",
"summary": "SUSE Bug 374321 for CVE-2008-2360",
"url": "https://bugzilla.suse.com/374321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-2360"
},
{
"cve": "CVE-2008-2361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2361"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2361",
"url": "https://www.suse.com/security/cve/CVE-2008-2361"
},
{
"category": "external",
"summary": "SUSE Bug 374321 for CVE-2008-2361",
"url": "https://bugzilla.suse.com/374321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-2361"
},
{
"cve": "CVE-2008-2362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2362"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2362",
"url": "https://www.suse.com/security/cve/CVE-2008-2362"
},
{
"category": "external",
"summary": "SUSE Bug 374321 for CVE-2008-2362",
"url": "https://bugzilla.suse.com/374321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-2362"
},
{
"cve": "CVE-2017-10971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10971"
}
],
"notes": [
{
"category": "general",
"text": "In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10971",
"url": "https://www.suse.com/security/cve/CVE-2017-10971"
},
{
"category": "external",
"summary": "SUSE Bug 1035283 for CVE-2017-10971",
"url": "https://bugzilla.suse.com/1035283"
},
{
"category": "external",
"summary": "SUSE Bug 1047730 for CVE-2017-10971",
"url": "https://bugzilla.suse.com/1047730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-10971"
},
{
"cve": "CVE-2017-12176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12176"
}
],
"notes": [
{
"category": "general",
"text": "xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12176",
"url": "https://www.suse.com/security/cve/CVE-2017-12176"
},
{
"category": "external",
"summary": "SUSE Bug 1063041 for CVE-2017-12176",
"url": "https://bugzilla.suse.com/1063041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12176"
},
{
"cve": "CVE-2017-12187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12187"
}
],
"notes": [
{
"category": "general",
"text": "xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12187",
"url": "https://www.suse.com/security/cve/CVE-2017-12187"
},
{
"category": "external",
"summary": "SUSE Bug 1063034 for CVE-2017-12187",
"url": "https://bugzilla.suse.com/1063034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12187"
},
{
"cve": "CVE-2017-13721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13721"
}
],
"notes": [
{
"category": "general",
"text": "In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13721",
"url": "https://www.suse.com/security/cve/CVE-2017-13721"
},
{
"category": "external",
"summary": "SUSE Bug 1051150 for CVE-2017-13721",
"url": "https://bugzilla.suse.com/1051150"
},
{
"category": "external",
"summary": "SUSE Bug 1052984 for CVE-2017-13721",
"url": "https://bugzilla.suse.com/1052984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-13721"
},
{
"cve": "CVE-2017-2624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2624"
}
],
"notes": [
{
"category": "general",
"text": "It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2624",
"url": "https://www.suse.com/security/cve/CVE-2017-2624"
},
{
"category": "external",
"summary": "SUSE Bug 1025029 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1025029"
},
{
"category": "external",
"summary": "SUSE Bug 1025639 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1025639"
},
{
"category": "external",
"summary": "SUSE Bug 1035283 for CVE-2017-2624",
"url": "https://bugzilla.suse.com/1035283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-2624"
},
{
"cve": "CVE-2018-14665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14665"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14665",
"url": "https://www.suse.com/security/cve/CVE-2018-14665"
},
{
"category": "external",
"summary": "SUSE Bug 1111697 for CVE-2018-14665",
"url": "https://bugzilla.suse.com/1111697"
},
{
"category": "external",
"summary": "SUSE Bug 1112020 for CVE-2018-14665",
"url": "https://bugzilla.suse.com/1112020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14665"
},
{
"cve": "CVE-2020-14345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14345"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14345",
"url": "https://www.suse.com/security/cve/CVE-2020-14345"
},
{
"category": "external",
"summary": "SUSE Bug 1174635 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1174635"
},
{
"category": "external",
"summary": "SUSE Bug 1174638 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1174638"
},
{
"category": "external",
"summary": "SUSE Bug 1174908 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1174908"
},
{
"category": "external",
"summary": "SUSE Bug 1174910 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1174910"
},
{
"category": "external",
"summary": "SUSE Bug 1174913 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1174913"
},
{
"category": "external",
"summary": "SUSE Bug 1177596 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1177596"
},
{
"category": "external",
"summary": "SUSE Bug 1181067 for CVE-2020-14345",
"url": "https://bugzilla.suse.com/1181067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14345"
},
{
"cve": "CVE-2020-14346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14346"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14346",
"url": "https://www.suse.com/security/cve/CVE-2020-14346"
},
{
"category": "external",
"summary": "SUSE Bug 1174635 for CVE-2020-14346",
"url": "https://bugzilla.suse.com/1174635"
},
{
"category": "external",
"summary": "SUSE Bug 1174638 for CVE-2020-14346",
"url": "https://bugzilla.suse.com/1174638"
},
{
"category": "external",
"summary": "SUSE Bug 1174910 for CVE-2020-14346",
"url": "https://bugzilla.suse.com/1174910"
},
{
"category": "external",
"summary": "SUSE Bug 1174913 for CVE-2020-14346",
"url": "https://bugzilla.suse.com/1174913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14346"
},
{
"cve": "CVE-2020-14347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14347"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14347",
"url": "https://www.suse.com/security/cve/CVE-2020-14347"
},
{
"category": "external",
"summary": "SUSE Bug 1174633 for CVE-2020-14347",
"url": "https://bugzilla.suse.com/1174633"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14347"
},
{
"cve": "CVE-2020-14360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14360"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14360",
"url": "https://www.suse.com/security/cve/CVE-2020-14360"
},
{
"category": "external",
"summary": "SUSE Bug 1174908 for CVE-2020-14360",
"url": "https://bugzilla.suse.com/1174908"
},
{
"category": "external",
"summary": "SUSE Bug 1177596 for CVE-2020-14360",
"url": "https://bugzilla.suse.com/1177596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14360"
},
{
"cve": "CVE-2020-14361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14361"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14361",
"url": "https://www.suse.com/security/cve/CVE-2020-14361"
},
{
"category": "external",
"summary": "SUSE Bug 1174635 for CVE-2020-14361",
"url": "https://bugzilla.suse.com/1174635"
},
{
"category": "external",
"summary": "SUSE Bug 1174638 for CVE-2020-14361",
"url": "https://bugzilla.suse.com/1174638"
},
{
"category": "external",
"summary": "SUSE Bug 1174910 for CVE-2020-14361",
"url": "https://bugzilla.suse.com/1174910"
},
{
"category": "external",
"summary": "SUSE Bug 1174913 for CVE-2020-14361",
"url": "https://bugzilla.suse.com/1174913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14361"
},
{
"cve": "CVE-2020-14362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14362"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14362",
"url": "https://www.suse.com/security/cve/CVE-2020-14362"
},
{
"category": "external",
"summary": "SUSE Bug 1174635 for CVE-2020-14362",
"url": "https://bugzilla.suse.com/1174635"
},
{
"category": "external",
"summary": "SUSE Bug 1174638 for CVE-2020-14362",
"url": "https://bugzilla.suse.com/1174638"
},
{
"category": "external",
"summary": "SUSE Bug 1174910 for CVE-2020-14362",
"url": "https://bugzilla.suse.com/1174910"
},
{
"category": "external",
"summary": "SUSE Bug 1174913 for CVE-2020-14362",
"url": "https://bugzilla.suse.com/1174913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14362"
},
{
"cve": "CVE-2020-25712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25712"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25712",
"url": "https://www.suse.com/security/cve/CVE-2020-25712"
},
{
"category": "external",
"summary": "SUSE Bug 1174908 for CVE-2020-25712",
"url": "https://bugzilla.suse.com/1174908"
},
{
"category": "external",
"summary": "SUSE Bug 1177596 for CVE-2020-25712",
"url": "https://bugzilla.suse.com/1177596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-25712"
},
{
"cve": "CVE-2021-3472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3472"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3472",
"url": "https://www.suse.com/security/cve/CVE-2021-3472"
},
{
"category": "external",
"summary": "SUSE Bug 1180128 for CVE-2021-3472",
"url": "https://bugzilla.suse.com/1180128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-1.20.13-1.2.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-1.20.13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3472"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…