PublicDateAtUSN: 2020-08-05 14:15:00 UTC Candidate: CVE-2020-14344 PublicDate: 2020-08-05 14:15:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344 https://lists.x.org/archives/xorg-announce/2020-July/003050.html https://ubuntu.com/security/notices/USN-4487-1 https://ubuntu.com/security/notices/USN-4487-2 Description: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Ubuntu-Description: Notes: seth-arnold> Debian triage notes the original fixes introduced regression mdeslaur> a second regression was reported in bug 117 Mitigation: Bugs: https://bugs.debian.org/966691 https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 (regression) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549 (regression) https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/117 (regression) Priority: medium Discovered-by: Todd Carson Assigned-to: mdeslaur CVSS: nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM] Patches_libx11: upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60 upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2 upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b (regression fix) upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/d15c24c8b44be5e4054c8ecd0ff9dcf2c8e18e5b (rf #2) upstream_libx11: released (2:1.6.10-1) precise/esm_libx11: released (2:1.4.99.1-0ubuntu2.5) trusty_libx11: ignored (out of standard support) trusty/esm_libx11: released (2:1.6.2-1ubuntu2.1+esm1) xenial_libx11: released (2:1.6.3-1ubuntu2.2) esm-infra/xenial_libx11: released (2:1.6.3-1ubuntu2.2) bionic_libx11: released (2:1.6.4-3ubuntu0.3) focal_libx11: released (2:1.6.9-2ubuntu1.1) devel_libx11: not-affected (2:1.6.10-3)