| Summary: | x11-server new security issue CVE-2020-14347 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | brtians1, davidwhodgins, fri, herman.viaene, sysadmin-bugs, tarazed25, thierry.vignaud |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | x11-server-1.20.8-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-08-03 23:22:17 CEST
Upstream advisory reference: https://lists.x.org/archives/xorg-announce/2020-July/003051.html Advisory: ======================== Updated x11-server packages fix security vulnerability: Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client (CVE-2020-14347). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347 https://lists.x.org/archives/xorg-announce/2020-July/003051.html ======================== Updated packages in core/updates_testing: ======================== x11-server-1.20.8-1.1.mga7 x11-server-common-1.20.8-1.1.mga7 x11-server-xorg-1.20.8-1.1.mga7 x11-server-xnest-1.20.8-1.1.mga7 x11-server-xdmx-1.20.8-1.1.mga7 x11-server-xvfb-1.20.8-1.1.mga7 x11-server-xephyr-1.20.8-1.1.mga7 x11-server-xwayland-1.20.8-1.1.mga7 x11-server-devel-1.20.8-1.1.mga7 x11-server-source-1.20.8-1.1.mga7 from x11-server-1.20.8-1.1.mga7.src.rpm Assignee:
thierry.vignaud =>
qa-bugs MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 26573. Rebooted after installation, no ill effects Run glmark2 Score: 928 has ever been slightly higher (and lower), so no concern here. CC:
(none) =>
herman.viaene Real hardware - AMD Athlon x3, Nvidia 390 driver, Mate desktop The following 3 packages are going to be installed: - x11-server-common-1.20.8-1.1.mga7.x86_64 - x11-server-xorg-1.20.8-1.1.mga7.x86_64 - x11-server-xwayland-1.20.8-1.1.mga7.x86_64 worked as expected after reboot. CC:
(none) =>
brtians1 mga7-64 Ok here, running Plasma, nvidia-current kernel 5.7.13-3 Everything is actually updated to testing per about 12 h ago. No performance testing, but i experience no problems. CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using nvidia-current; GeForce 635 series and later, 4k display. CC:
(none) =>
fri 5.7.14-desktop-1.mga7, x86_64 Installed everything from the list then logged in to several desktop environments in succession, running quick tests to see that general operations functioned normally. NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.64 Dell 4K monitor. No regressions noted for these: Plasma Cinnamon Cinnamon (Software Rendering) - moving windows left a trail of intermediate immages. Enlightenment GNOME - presumably Wayland GNOME Classic IceWM session Xfce Session Mate CC:
(none) =>
tarazed25
David Walser
2020-08-16 15:57:26 CEST
Whiteboard:
(none) =>
MGA7-64-OK
David Walser
2020-08-16 16:08:25 CEST
Keywords:
(none) =>
validated_update
Dave Hodgins
2020-08-18 19:28:05 CEST
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0335.html Resolution:
(none) =>
FIXED |