diff options
author | AlanCoopersmith <AlanCoopersmith@web> | 2020-08-25 19:15:04 +0000 |
---|---|---|
committer | IkiWiki <ikiwiki.info> | 2020-08-25 19:15:04 +0000 |
commit | b0a09792174f7388a43613b4fd0a0c802bfab7c8 (patch) | |
tree | 48b2ff7e91512f5b87b21988d677222982b87b06 /Development | |
parent | fe6d2940a8c76ff104b9a3125a800e1c67f4880f (diff) |
Add July & August 2020 advisories
Diffstat (limited to 'Development')
-rw-r--r-- | Development/Security.mdwn | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/Development/Security.mdwn b/Development/Security.mdwn index ebc5d421..84155636 100644 --- a/Development/Security.mdwn +++ b/Development/Security.mdwn @@ -10,6 +10,31 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th ## X.Org 7.7 +* August 25, 2020 Multiple input validation failures in X server extensions + * CVE-2020-14345 / ZDI CAN 11428: XkbSetNames Out-Of-Bounds Access. The handler for the XkbSetNames request does not validate the request length before accessing its contents. + * CVE-2020-14346 / ZDI CAN 11429: XIChangeHierarchy Integer Underflow. An integer underflow exists in the handler for the XIChangeHierarchy request. + * CVE-2020-14361 / ZDI CAN 11573: XkbSelectEvents Integer Underflow. An integer underflow exist in the handler for the XkbSelectEvents request. + * CVE-2020-14362 / ZDI CAN 11574: XRecordRegisterClients Integer Underflow. An integer underflow exist in the handler for the CreateRegister +request of the X record extension. + * Fixed in [[xorg-server 1.20.9|https://lists.x.org/archives/xorg-announce/2020-August/003059.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2020-August/003058.html]] for more information. + +* August 25, 2020 Double free in libX11 locale handling code + * CVE-2020-14363: There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. + * Fixed in [[libX11 1.6.12|https://lists.x.org/archives/xorg-announce/2020-August/003057.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2020-August/003056.html]] for more information. + +* July 31, 2020 Heap corruption in the X input method client in libX11 + * CVE-2020-14344: The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead +to heap corruption when handling malformed messages from an input method. + * Fixed in [[libX11 1.6.10|https://lists.x.org/archives/xorg-announce/2020-July/003052.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2020-July/003050.html]] for more information. + +* July 31, 2020 X Server Pixel Data Uninitialized Memory Information Disclosure + * CVE-2020-14347: Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, which could lead to leak uninitialized heap memory to clients. + * Fixed in [[xorg-server 1.20.9|https://lists.x.org/archives/xorg-announce/2020-August/003059.html]] + * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2020-July/003051.html]] for more information. + * Oct. 25, 2018 Privilege escalation and file overwrite in X.Org X server 1.19 and later CVE-2018-14665 * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2018-October/002927.html]] for more information. |