{"schema_version":"1.7.2","id":"OESA-2022-1834","modified":"2022-08-13T11:04:08Z","published":"2022-08-13T11:04:08Z","upstream":["CVE-2022-2320","CVE-2022-2319"],"summary":"xorg-x11-server security update","details":"X.Org X11 X server\r\n\r\nSecurity Fix(es):\r\n\r\nCVE-2022-2320/ZDI-CAN-16070: xorg-x11-server: out-of-bounds write in ProcXkbSetDeviceInfo request handler of the Xkb extension\r\n\r\nIntroduced In:\nhttps://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132\r\n\r\nFixed In:\nhttps://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc(CVE-2022-2320)\r\n\r\nCVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access\nhttps://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938\nhttps://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939(CVE-2022-2319)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"xorg-x11-server","purl":"pkg:rpm/openEuler/xorg-x11-server\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.8-11.oe1"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-Xephyr-1.20.8-11.oe1.aarch64.rpm","xorg-x11-server-debugsource-1.20.8-11.oe1.aarch64.rpm","xorg-x11-server-devel-1.20.8-11.oe1.aarch64.rpm","xorg-x11-server-1.20.8-11.oe1.aarch64.rpm","xorg-x11-server-debuginfo-1.20.8-11.oe1.aarch64.rpm"],"noarch":["xorg-x11-server-help-1.20.8-11.oe1.noarch.rpm"],"src":["xorg-x11-server-1.20.8-11.oe1.src.rpm"],"x86_64":["xorg-x11-server-devel-1.20.8-11.oe1.x86_64.rpm","xorg-x11-server-debuginfo-1.20.8-11.oe1.x86_64.rpm","xorg-x11-server-debugsource-1.20.8-11.oe1.x86_64.rpm","xorg-x11-server-Xephyr-1.20.8-11.oe1.x86_64.rpm","xorg-x11-server-1.20.8-11.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"xorg-x11-server","purl":"pkg:rpm/openEuler/xorg-x11-server\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.8-12.oe1"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-debuginfo-1.20.8-12.oe1.aarch64.rpm","xorg-x11-server-devel-1.20.8-12.oe1.aarch64.rpm","xorg-x11-server-debugsource-1.20.8-12.oe1.aarch64.rpm","xorg-x11-server-1.20.8-12.oe1.aarch64.rpm","xorg-x11-server-Xephyr-1.20.8-12.oe1.aarch64.rpm"],"noarch":["xorg-x11-server-help-1.20.8-12.oe1.noarch.rpm"],"src":["xorg-x11-server-1.20.8-12.oe1.src.rpm"],"x86_64":["xorg-x11-server-Xephyr-1.20.8-12.oe1.x86_64.rpm","xorg-x11-server-debugsource-1.20.8-12.oe1.x86_64.rpm","xorg-x11-server-devel-1.20.8-12.oe1.x86_64.rpm","xorg-x11-server-1.20.8-12.oe1.x86_64.rpm","xorg-x11-server-debuginfo-1.20.8-12.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"xorg-x11-server","purl":"pkg:rpm/openEuler/xorg-x11-server\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-7.oe2203"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-debuginfo-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-Xvfb-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-Xnest-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-Xephyr-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-Xdmx-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-common-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-debugsource-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-1.20.11-7.oe2203.aarch64.rpm","xorg-x11-server-devel-1.20.11-7.oe2203.aarch64.rpm"],"noarch":["xorg-x11-server-source-1.20.11-7.oe2203.noarch.rpm","xorg-x11-server-help-1.20.11-7.oe2203.noarch.rpm"],"src":["xorg-x11-server-1.20.11-7.oe2203.src.rpm"],"x86_64":["xorg-x11-server-devel-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-Xdmx-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-common-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-Xnest-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-debuginfo-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-debugsource-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-Xephyr-1.20.11-7.oe2203.x86_64.rpm","xorg-x11-server-Xvfb-1.20.11-7.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1834"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2320"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2319"}],"database_specific":{"severity":"High"}}