#13967: libX11-1.6.12 (CVE-2020-14363)
-------------------------+-----------------------
 Reporter:  renodr       |      Owner:  blfs-book
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:  10.1
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-----------------------
 A new security release of libX11 has been published. This seems to be due
 to bugs in the locale handling code that can cause a double-free after an
 integer overflow.

 {{{

 Double free in libX11 locale handling code
 ==========================================

 CVE-2020-14363

 There is an integer overflow and a double free vulnerability in the way
 LibX11 handles locales. The integer overflow is a necessary precursor to
 the double free.

 Patches
 -------

 A Patch for this issue has been committed to the libX11 git repository.
 libX11 1.6.12 will be released shortly and will include this patch.

 https://gitlab.freedesktop.org/xorg/lib/libx11


 commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

     Fix an integer overflow in init_om()

     CVE-2020-14363

     This can lead to a double free later, as reported by Jayden Rivers.


 Thanks
 ------

 X.Org thanks Jayden Rivers for reporting this issue to our security
 team and assisting them in understanding them and providing fixes.

 --
 Matthieu Herrb
 }}}

 The release notes:

 {{{

 Christopher Chavez (1):
       Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage

 Felix Yan (1):
       Correct a typo in GetStCmap.c

 Matthieu Herrb (2):
       Fix an integer overflow in init_om()
       libX11 1.6.12

 Maya Rashish (1):
       Avoid the use of "register" keyword in XkbTranslateKeySym.

 Niclas Zeising (1):
       Fix input clients connecting to server

 git tag: libX11-1.6.12
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/13967>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page