jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2022/cvrf-openEuler-SA-2022-1949.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

211 lines
12 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1949</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-09-23</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-09-23</InitialReleaseDate>
<CurrentReleaseDate>2022-09-23</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-09-23</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">xorg-x11-server security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">
Security Fix(es):
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4008)
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4009)
A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.(CVE-2021-4010)
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4011)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">xorg-x11-server</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4008</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4009</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4010</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4011</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-4008</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-4009</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-4010</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-4011</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="xorg-x11-server-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-1.20.8-12.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-debuginfo-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-debuginfo-1.20.8-12.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-Xephyr-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-Xephyr-1.20.8-12.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-devel-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-devel-1.20.8-12.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-debugsource-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-debugsource-1.20.8-12.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="xorg-x11-server-help-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-help-1.20.8-12.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="xorg-x11-server-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-1.20.8-12.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="xorg-x11-server-devel-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-devel-1.20.8-12.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-debuginfo-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-debuginfo-1.20.8-12.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-debugsource-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-debugsource-1.20.8-12.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-Xephyr-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-Xephyr-1.20.8-12.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="xorg-x11-server-1.20.8-12" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">xorg-x11-server-1.20.8-12.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.</Note>
</Notes>
<ReleaseDate>2022-09-23</ReleaseDate>
<CVE>CVE-2021-4008</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>xorg-x11-server security update</Description>
<DATE>2022-09-23</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.</Note>
</Notes>
<ReleaseDate>2022-09-23</ReleaseDate>
<CVE>CVE-2021-4009</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>xorg-x11-server security update</Description>
<DATE>2022-09-23</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.</Note>
</Notes>
<ReleaseDate>2022-09-23</ReleaseDate>
<CVE>CVE-2021-4010</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>xorg-x11-server security update</Description>
<DATE>2022-09-23</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.</Note>
</Notes>
<ReleaseDate>2022-09-23</ReleaseDate>
<CVE>CVE-2021-4011</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>xorg-x11-server security update</Description>
<DATE>2022-09-23</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1949</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink