#13967: libX11-1.6.12 (CVE-2020-14363)
-------------------------+-----------------------
Reporter: renodr | Owner: blfs-book
Type: enhancement | Status: new
Priority: high | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-----------------------
A new security release of libX11 has been published. This seems to be due
to bugs in the locale handling code that can cause a double-free after an
integer overflow.
{{{
Double free in libX11 locale handling code
==========================================
CVE-2020-14363
There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free.
Patches
-------
A Patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.
https://gitlab.freedesktop.org/xorg/lib/libx11
commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)
Fix an integer overflow in init_om()
CVE-2020-14363
This can lead to a double free later, as reported by Jayden Rivers.
Thanks
------
X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding it and providing fixes.
--
Matthieu Herrb
}}}
The release notes:
{{{
Christopher Chavez (1):
Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage
Felix Yan (1):
Correct a typo in GetStCmap.c
Matthieu Herrb (2):
Fix an integer overflow in init_om()
libX11 1.6.12
Maya Rashish (1):
Avoid the use of "register" keyword in XkbTranslateKeySym.
Niclas Zeising (1):
Fix input clients connecting to server
git tag: libX11-1.6.12
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/13967>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch