Summary: | <x11-base/xorg-server-1.20.10: Multiple vulnerabilities (CVE-2020-{14360,25712}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | x11 |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A2 [glsa+ cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 734976, 758461 | | |

Description
Sam James
2020-12-01 15:22:41 UTC
(In reply to Sam James from comment #0)
> "* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
>
> Insufficient checks on the lengths of the XkbSetMap request can lead to
> out of bounds memory accesses in the X server.
> https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
> * CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
>
> Insufficient checks on input of the XkbSetDeviceInfo request can lead
> to a buffer overflow on the head in the X server."

https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9

----

1.20.10 coming shortly, which will let us move forward with bug 734976 too.

Let us know when ready to stable.

amd64 done

arm64 done

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 202012-01 at https://security.gentoo.org/glsa/202012-01 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

x86 stable

arm done

sparc stable

ppc/ppc64 stable

hppa -> ~hppa

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=742cbbb13e8f4b7ae4849311aef7be500c39868a

commit 742cbbb13e8f4b7ae4849311aef7be500c39868a
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2020-12-31 16:53:24 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2020-12-31 16:58:53 +0000

    x11-base/xorg-server: Drop old versions

    Bug: https://bugs.gentoo.org/757882
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest | 1 -
 x11-base/xorg-server/metadata.xml | 1 -
 x11-base/xorg-server/xorg-server-1.20.8-r1.ebuild | 238 ----------------------
 3 files changed, 240 deletions(-)

Tree is clean, all done!