An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1951 Final 1.0 1.0 2023-12-22 Initial 2023-12-22 2023-12-22 openEuler SA Tool V1.0 2023-12-22 xorg-x11-server security update An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. X.Org X11 X server Security Fix(es): A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.(CVE-2023-6377) A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.(CVE-2023-6478) An update for xorg-x11-server is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High xorg-x11-server https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1951 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-6377 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-6478 https://nvd.nist.gov/vuln/detail/CVE-2023-6377 https://nvd.nist.gov/vuln/detail/CVE-2023-6478 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 xorg-x11-server-Xephyr-1.20.8-22.oe1.aarch64.rpm xorg-x11-server-debuginfo-1.20.8-22.oe1.aarch64.rpm xorg-x11-server-debugsource-1.20.8-22.oe1.aarch64.rpm xorg-x11-server-1.20.8-22.oe1.aarch64.rpm xorg-x11-server-devel-1.20.8-22.oe1.aarch64.rpm xorg-x11-server-devel-1.20.8-23.oe1.aarch64.rpm xorg-x11-server-1.20.8-23.oe1.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-23.oe1.aarch64.rpm xorg-x11-server-debugsource-1.20.8-23.oe1.aarch64.rpm xorg-x11-server-debuginfo-1.20.8-23.oe1.aarch64.rpm xorg-x11-server-debugsource-1.20.8-23.oe2003sp4.aarch64.rpm xorg-x11-server-1.20.8-23.oe2003sp4.aarch64.rpm xorg-x11-server-Xephyr-1.20.8-23.oe2003sp4.aarch64.rpm xorg-x11-server-devel-1.20.8-23.oe2003sp4.aarch64.rpm xorg-x11-server-debuginfo-1.20.8-23.oe2003sp4.aarch64.rpm xorg-x11-server-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-common-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-devel-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-common-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-devel-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203sp1.aarch64.rpm xorg-x11-server-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-common-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-devel-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203sp2.aarch64.rpm xorg-x11-server-help-1.20.8-22.oe1.noarch.rpm xorg-x11-server-help-1.20.8-23.oe1.noarch.rpm xorg-x11-server-help-1.20.8-23.oe2003sp4.noarch.rpm xorg-x11-server-help-1.20.11-24.oe2203.noarch.rpm xorg-x11-server-source-1.20.11-24.oe2203.noarch.rpm xorg-x11-server-source-1.20.11-24.oe2203sp1.noarch.rpm xorg-x11-server-help-1.20.11-24.oe2203sp1.noarch.rpm xorg-x11-server-help-1.20.11-24.oe2203sp2.noarch.rpm xorg-x11-server-source-1.20.11-24.oe2203sp2.noarch.rpm xorg-x11-server-1.20.8-22.oe1.src.rpm xorg-x11-server-1.20.8-23.oe1.src.rpm xorg-x11-server-1.20.8-23.oe2003sp4.src.rpm xorg-x11-server-1.20.11-24.oe2203.src.rpm xorg-x11-server-1.20.11-24.oe2203sp1.src.rpm xorg-x11-server-1.20.11-24.oe2203sp2.src.rpm xorg-x11-server-debuginfo-1.20.8-22.oe1.x86_64.rpm xorg-x11-server-debugsource-1.20.8-22.oe1.x86_64.rpm xorg-x11-server-devel-1.20.8-22.oe1.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-22.oe1.x86_64.rpm xorg-x11-server-1.20.8-22.oe1.x86_64.rpm xorg-x11-server-devel-1.20.8-23.oe1.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-23.oe1.x86_64.rpm xorg-x11-server-1.20.8-23.oe1.x86_64.rpm xorg-x11-server-debuginfo-1.20.8-23.oe1.x86_64.rpm xorg-x11-server-debugsource-1.20.8-23.oe1.x86_64.rpm xorg-x11-server-1.20.8-23.oe2003sp4.x86_64.rpm xorg-x11-server-debuginfo-1.20.8-23.oe2003sp4.x86_64.rpm xorg-x11-server-Xephyr-1.20.8-23.oe2003sp4.x86_64.rpm xorg-x11-server-debugsource-1.20.8-23.oe2003sp4.x86_64.rpm xorg-x11-server-devel-1.20.8-23.oe2003sp4.x86_64.rpm xorg-x11-server-common-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-devel-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-common-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-devel-1.20.11-24.oe2203sp1.x86_64.rpm xorg-x11-server-debugsource-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-debuginfo-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-Xdmx-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-devel-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-Xnest-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-24.oe2203sp2.x86_64.rpm xorg-x11-server-common-1.20.11-24.oe2203sp2.x86_64.rpm A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. 2023-12-22 CVE-2023-6377 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2023-12-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1951 A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. 2023-12-22 CVE-2023-6478 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 High 7.6 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L xorg-x11-server security update 2023-12-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1951