Bug 27205

Summary: libx11 new security issue CVE-2020-14363
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: libx11-1.6.10-1.1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-08-26 23:04:28 CEST 
X.org has issued an advisory on August 25:
https://lists.x.org/archives/xorg-announce/2020-August/003056.html

The issue is fixed upstream in 1.6.12:
https://lists.x.org/archives/xorg-announce/2020-August/003057.html

Updated packages uploaded for Mageia 7 and Cauldron.

Advisory:
========================

Updated libx11 packages fix security vulnerability:

There is an integer overflow and a double free vulnerability in the way LibX11
handles locales. The integer overflow is a necessary precursor to the double
free (CVE-2020-14363).

The libx11 package has been updated to version 1.6.12 which fixes this issue.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363
https://lists.x.org/archives/xorg-announce/2020-August/003053.html
https://lists.x.org/archives/xorg-announce/2020-August/003057.html
https://lists.x.org/archives/xorg-announce/2020-August/003056.html
========================

Updated packages in core/updates_testing:
========================
libx11_6-1.6.12-1.mga7
libx11-xcb1-1.6.12-1.mga7
libx11-devel-1.6.12-1.mga7
libx11-common-1.6.12-1.mga7
libx11-doc-1.6.12-1.mga7

from libx11-1.6.12-1.mga7.src.rpm
Comment 1 Aurelien Oudelet 2020-08-27 12:14:49 CEST 
Work well on mga 7 with x11-driver-nvidia-current non-free
x86_64 version
Aurelien Oudelet 2020-08-27 14:36:56 CEST

Whiteboard: (none) => MGA7-64-OK

Aurelien Oudelet 2020-08-27 14:47:40 CEST

Keywords: (none) => advisory

Aurelien Oudelet 2020-08-27 16:27:22 CEST

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 2 Mageia Robot 2020-08-27 17:54:08 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0349.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED