An update for xorg-x11-server is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2316 Final 1.0 1.0 2024-11-01 Initial 2024-11-01 2024-11-01 openEuler SA Tool V1.0 2024-11-01 xorg-x11-server security update An update for xorg-x11-server is now available for openEuler-22.03-LTS-SP3 X.Org X11 X server Security Fix(es): A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.(CVE-2023-5574) An update for xorg-x11-server is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High xorg-x11-server https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2316 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-5574 https://nvd.nist.gov/vuln/detail/CVE-2023-5574 openEuler-22.03-LTS-SP3 xorg-x11-server-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-Xdmx-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-Xephyr-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-Xnest-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-Xvfb-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-common-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-debuginfo-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-debugsource-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-devel-1.20.11-33.oe2203sp3.aarch64.rpm xorg-x11-server-1.20.11-33.oe2203sp3.src.rpm xorg-x11-server-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-Xdmx-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-Xephyr-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-Xnest-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-Xvfb-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-common-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-debuginfo-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-debugsource-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-devel-1.20.11-33.oe2203sp3.x86_64.rpm xorg-x11-server-help-1.20.11-33.oe2203sp3.noarch.rpm xorg-x11-server-source-1.20.11-33.oe2203sp3.noarch.rpm A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. 2024-11-01 CVE-2023-5574 openEuler-22.03-LTS-SP3 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H xorg-x11-server security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2316