FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg-server -- Multiple input validation failures in X server extensions

Affected packages
xorg-server < 1.20.8_4,1
xephyr < 1.20.8_4,1
xorg-vfbserver < 1.20.8_4,1
xorg-nestserver < 1.20.8_4,1
xwayland < 1.20.8_4,1
xorg-dmx < 1.20.8_4,1

Details

VuXML ID ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335
Discovery 2020-08-25
Entry 2020-08-25

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.

[source]

References

CVE Name CVE-2020-14345
CVE Name CVE-2020-14346
CVE Name CVE-2020-14361
CVE Name CVE-2020-14362
URL https://lists.x.org/archives/xorg-announce/2020-August/003058.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.