FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg-server -- Multiple input validation failures in X server XKB extension

Affected packages
xorg-server < 1.20.9_1,1
xephyr < 1.20.9_1,1
xorg-vfbserver < 1.20.9_1,1
xorg-nestserver < 1.20.9_1,1
xwayland < 1.20.9_2,1
xorg-dmx < 1.20.9_1,1

Details

VuXML ID 76c8b690-340b-11eb-a2b7-54e1ad3d6335
Discovery 2020-12-01
Entry 2020-12-01

The X.org project reports:

These issues can lead to privilege elevation for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out-of-bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the heap in the X server.

References

CVE Name CVE-2020-14360
CVE Name CVE-2020-25712
URL https://lists.x.org/archives/xorg-announce/2020-December/003066.html