An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1949 Final 1.0 1.0 2022-09-23 Initial 2022-09-23 2022-09-23 openEuler SA Tool V1.0 2022-09-23 xorg-x11-server security update An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3. Security Fix(es): A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4008) A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4009) A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.(CVE-2021-4010) A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4011) An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High xorg-x11-server https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4008 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4009 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4010 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4011 https://nvd.nist.gov/vuln/detail/CVE-2021-4008 https://nvd.nist.gov/vuln/detail/CVE-2021-4009 https://nvd.nist.gov/vuln/detail/CVE-2021-4010 https://nvd.nist.gov/vuln/detail/CVE-2021-4011 openEuler-20.03-LTS-SP3 xorg-x11-server-1.20.8-12.oe1.aarch64.rpm xorg-x11-server-debuginfo-1.20.8-12.oe1.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-12.oe1.aarch64.rpm xorg-x11-server-devel-1.20.8-12.oe1.aarch64.rpm xorg-x11-server-debugsource-1.20.8-12.oe1.aarch64.rpm xorg-x11-server-help-1.20.8-12.oe1.noarch.rpm xorg-x11-server-1.20.8-12.oe1.src.rpm xorg-x11-server-devel-1.20.8-12.oe1.x86_64.rpm xorg-x11-server-debuginfo-1.20.8-12.oe1.x86_64.rpm xorg-x11-server-debugsource-1.20.8-12.oe1.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-12.oe1.x86_64.rpm xorg-x11-server-1.20.8-12.oe1.x86_64.rpm A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions. 2022-09-23 CVE-2021-4008 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2022-09-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949 A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions. 2022-09-23 CVE-2021-4009 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2022-09-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949 A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions. 2022-09-23 CVE-2021-4010 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2022-09-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949 A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions. 2022-09-23 CVE-2021-4011 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2022-09-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949