OESA-2022-1949

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1949
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1949.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1949
Upstream
Published
2022-09-23T11:04:20Z
Modified
2025-08-12T05:09:56.027790Z
Summary
xorg-x11-server security update
Details

Security Fix(es):

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4008)

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4009)

A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.(CVE-2021-4010)

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-4011)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP3 / xorg-x11-server

Package

Name
xorg-x11-server
Purl
pkg:rpm/openEuler/xorg-x11-server&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.8-12.oe1

Ecosystem specific 

{
    "aarch64": [
        "xorg-x11-server-1.20.8-12.oe1.aarch64.rpm",
        "xorg-x11-server-debuginfo-1.20.8-12.oe1.aarch64.rpm",
        "xorg-x11-server-Xephyr-1.20.8-12.oe1.aarch64.rpm",
        "xorg-x11-server-devel-1.20.8-12.oe1.aarch64.rpm",
        "xorg-x11-server-debugsource-1.20.8-12.oe1.aarch64.rpm"
    ],
    "src": [
        "xorg-x11-server-1.20.8-12.oe1.src.rpm"
    ],
    "x86_64": [
        "xorg-x11-server-devel-1.20.8-12.oe1.x86_64.rpm",
        "xorg-x11-server-debuginfo-1.20.8-12.oe1.x86_64.rpm",
        "xorg-x11-server-debugsource-1.20.8-12.oe1.x86_64.rpm",
        "xorg-x11-server-Xephyr-1.20.8-12.oe1.x86_64.rpm",
        "xorg-x11-server-1.20.8-12.oe1.x86_64.rpm"
    ],
    "noarch": [
        "xorg-x11-server-help-1.20.8-12.oe1.noarch.rpm"
    ]
}