Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:1804: Red Hat Security Advisory: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update

An update for the userspace graphics, including X.Org, and Mesa is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. The following packages have been upgraded to a later upstream version: egl-wayland (1.1.5), libdrm (2.4.103), libglvnd (1.3.2), libinput (1.16.3), libwacom (1.6), mesa (20.3.3), xorg-x11-server (1.20.10). (BZ#1878160, BZ#1886648, BZ#1887654, BZ#1887655) Security Fix(es):

  • xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345)
  • xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346)
  • xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)
  • xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361)
  • xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)
  • libX11: Integer overflow leads to double free in locale handling (CVE-2020-14363)
  • xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712)
  • libX11: Heap overflow in the X input method client (CVE-2020-14344)
  • xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Related CVEs:
  • CVE-2020-14344: libX11: Heap overflow in the X input method client
  • CVE-2020-14345: xorg-x11-server: Out-of-bounds access in XkbSetNames function
  • CVE-2020-14346: xorg-x11-server: Integer underflow in the X input extension protocol
  • CVE-2020-14347: xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c
  • CVE-2020-14360: xorg-x11-server: Out-of-bounds access in XkbSetMap function
  • CVE-2020-14361: xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability
  • CVE-2020-14362: xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability
  • CVE-2020-14363: libX11: integer overflow leads to double free in locale handling
  • CVE-2020-25712: xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability
Red Hat Security Data
Open in Source
#vulnerability#linux#red_hat

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data