Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-1302.NASL
HistoryAug 31, 2020 - 12:00 a.m.

openSUSE Security Update : xorg-x11-server (openSUSE-2020-1302)

2020-08-3100:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

This update for xorg-x11-server fixes the following issues :

  • CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426).

  • CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429).

  • CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-1302.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(140080);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/17");

  script_cve_id("CVE-2020-14345", "CVE-2020-14346", "CVE-2020-14347");

  script_name(english:"openSUSE Security Update : xorg-x11-server (openSUSE-2020-1302)");
  script_summary(english:"Check for the openSUSE-2020-1302 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for xorg-x11-server fixes the following issues :

  - CVE-2020-14347: Leak of uninitialized heap memory from
    the X server to clients on pixmap allocation
    (bsc#1174633, ZDI-CAN-11426).

  - CVE-2020-14346: XIChangeHierarchy Integer Underflow
    Privilege Escalation Vulnerability (bsc#1174638,
    ZDI-CAN-11429).

  - CVE-2020-14345: XKB out-of-bounds access privilege
    escalation vulnerability (bsc#1174635, ZDI-CAN-11428).

This update was imported from the SUSE:SLE-15-SP2:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1174633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1174635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1174638"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xorg-x11-server packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14346");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-wayland");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-wayland-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-debuginfo-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-debugsource-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-extra-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-sdk-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-source-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-wayland-1.20.3-lp152.8.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-debuginfo / etc");
}
VendorProductVersionCPE
novellopensusexorg-x11-serverp-cpe:/a:novell:opensuse:xorg-x11-server
novellopensusexorg-x11-server-debuginfop-cpe:/a:novell:opensuse:xorg-x11-server-debuginfo
novellopensusexorg-x11-server-debugsourcep-cpe:/a:novell:opensuse:xorg-x11-server-debugsource
novellopensusexorg-x11-server-extrap-cpe:/a:novell:opensuse:xorg-x11-server-extra
novellopensusexorg-x11-server-extra-debuginfop-cpe:/a:novell:opensuse:xorg-x11-server-extra-debuginfo
novellopensusexorg-x11-server-sdkp-cpe:/a:novell:opensuse:xorg-x11-server-sdk
novellopensusexorg-x11-server-sourcep-cpe:/a:novell:opensuse:xorg-x11-server-source
novellopensusexorg-x11-server-waylandp-cpe:/a:novell:opensuse:xorg-x11-server-wayland
novellopensusexorg-x11-server-wayland-debuginfop-cpe:/a:novell:opensuse:xorg-x11-server-wayland-debuginfo
novellopensuse15.2cpe:/o:novell:opensuse:15.2

Related

nessus 56
openvas 32
suse 2
osv 9
debian 3
ubuntu 3
gentoo 1
oraclelinux 4
mageia 2
amazon 4
redhat 8
centos 3
freebsd 2
rocky 1
almalinux 1
alpinelinux 3
prion 3
ubuntucve 3
zdi 3
debiancve 3
redhatcve 3
cve 3
veracode 3
redos 13
altlinux 1
ibm 1
nessus
nessus
SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2020:2326-1)
2020-08-26 00:00:00
SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2020:2240-1)
2020-08-26 00:00:00
SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2020:2241-1)
2020-08-26 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:2241-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2325-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2242-1)
2021-04-19 00:00:00
suse
suse
Security update for xorg-x11-server (important)
2020-08-29 00:00:00
Security update for xorg-x11-server (important)
2020-08-31 00:00:00
osv
osv
xorg-server - security update
2020-09-04 00:00:00
xorg-server - security update
2020-08-30 00:00:00
xorg-server vulnerabilities
2020-09-09 16:33:35
debian
debian
[SECURITY] [DSA 4758-1] xorg-server security update
2020-09-04 18:58:09
[SECURITY] [DLA 2359-1] xorg-server security update
2020-08-30 21:40:25
[SECURITY] [DSA 4758-1] xorg-server security update
2020-09-04 18:58:09
ubuntu
ubuntu
X.Org X Server vulnerabilities
2020-09-09 00:00:00
X.Org X Server vulnerabilities
2020-09-02 00:00:00
X.Org X Server vulnerability
2020-09-08 00:00:00
gentoo
gentoo
X.Org X Server: Multiple vulnerabilities
2020-12-07 00:00:00
oraclelinux
oraclelinux
xorg-x11-server security update
2020-11-06 00:00:00
xorg-x11-server security update
2020-11-06 00:00:00
userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
2021-05-25 00:00:00
mageia
mageia
Updated x11-server packages fix security vulnerabilities
2020-08-27 18:52:56
Updated x11-server packages fix security vulnerability
2020-08-18 21:47:25
amazon
amazon
Important: xorg-x11-server
2020-12-08 21:30:00
Important: xorg-x11-server
2021-01-12 22:52:00
Important: xorg-x11-server
2020-12-16 20:31:00
redhat
redhat
(RHSA-2020:4910) Important: xorg-x11-server security update
2020-11-04 09:41:14
(RHSA-2020:4953) Important: xorg-x11-server security update
2020-11-05 08:26:47
(RHSA-2021:1804) Moderate: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
2021-05-18 06:07:47
centos
centos
xorg security update
2020-11-06 22:19:48
xorg security update
2020-11-09 13:15:06
xorg security update
2021-02-27 14:19:46
freebsd
freebsd
xorg-server -- Multiple input validation failures in X server extensions
2020-08-25 00:00:00
xorg-server -- Pixel Data Uninitialized Memory Information Disclosure
2020-07-31 00:00:00
rocky
rocky
userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
2021-05-18 06:07:47
almalinux
almalinux
Moderate: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
2021-05-18 06:07:47
alpinelinux
alpinelinux
CVE-2020-14345
2020-09-15 14:15:00
CVE-2020-14346
2020-09-15 19:15:00
CVE-2020-14347
2020-08-05 14:15:00
prion
prion
Integer overflow
2020-09-15 19:15:00
Design/Logic Flaw
2020-08-05 14:15:00
Privilege escalation
2020-09-15 14:15:00
ubuntucve
ubuntucve
CVE-2020-14346
2020-08-26 00:00:00
CVE-2020-14345
2020-09-03 00:00:00
CVE-2020-14347
2020-08-05 00:00:00
zdi
zdi
X.Org Server XkbSetNames Out-Of-Bounds Access Privilege Escalation Vulnerability
2020-12-09 00:00:00
X.Org Server XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability
2020-12-09 00:00:00
X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability
2020-08-04 00:00:00
debiancve
debiancve
CVE-2020-14346
2020-09-15 19:15:00
CVE-2020-14345
2020-09-15 14:15:00
CVE-2020-14347
2020-08-05 14:15:00
redhatcve
redhatcve
CVE-2020-14347
2020-07-31 16:00:11
CVE-2020-14346
2020-08-25 16:46:22
CVE-2020-14345
2020-08-25 16:07:12
cve
cve
CVE-2020-14346
2020-09-15 19:15:00
CVE-2020-14345
2020-09-15 14:15:00
CVE-2020-14347
2020-08-05 14:15:00
veracode
veracode
Privilege Escalation
2020-08-31 03:46:14
Information Disclosure
2020-08-06 21:29:19
Denial Of Service (DoS)
2020-08-31 03:46:04
redos
redos
ROS-2-633
2021-09-08 00:00:00
ROS-2-450
2021-09-08 00:00:00
ROS-2-564
2021-09-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.9-alt1
2020-08-25 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
2021-10-19 15:38:04
JSON
Related for OPENSUSE-2020-1302.NASL
nessus56openvas32suse2osv9debian3ubuntu3gentoo1oraclelinux4mageia2amazon4redhat8centos3freebsd2rocky1almalinux1alpinelinux3prion3ubuntucve3zdi3debiancve3redhatcve3cve3veracode3redos13altlinux1ibm1