X.org has issued an advisory on July 31:
https://www.openwall.com/lists/oss-security/2020/07/31/1

The issue is fixed upstream in 1.6.10.
I see Shlomi built this update but people reported on IRC that there was a problem with it and it was causing issues building other packages.
It was me, not Shlomi :)

This update added the "/usr/include/X11/extensions/XKBgeom.h" header file, which is also provided by x11-proto-devel, see bug 26176.

Fixed on Cauldron: http://svnweb.mageia.org/packages?view=revision&revision=1488058
CC: (none) => geiger.david68210
Thanks David! I think I've fixed the conflict.

Advisory:
========================

Updated libx11 packages fix security vulnerability:

The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method (CVE-2020-14344).

The libx11 package has been updated to version 1.6.10 which fixes this issue.

The x11-proto-devel package has been updated to remove the "/usr/include/X11/extensions/XKBgeom.h" header file which has been moved to the libx11-devel package.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14344
https://lists.x.org/archives/xorg-announce/2019-June/002997.html
https://lists.x.org/archives/xorg-announce/2019-October/003025.html
https://lists.x.org/archives/xorg-announce/2020-July/003052.html
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
========================

Updated packages in core/updates_testing:
========================
x11-proto-devel-2018.4-4.1.mga7
x11-proto-doc-2018.4-4.1.mga7
libx11_6-1.6.10-1.1.mga7
libx11-xcb1-1.6.10-1.1.mga7
libx11-devel-1.6.10-1.1.mga7
libx11-common-1.6.10-1.1.mga7
libx11-doc-1.6.10-1.1.mga7

from SRPMS:
x11-proto-devel-2018.4-4.1.mga7.src.rpm
libx11-1.6.10-1.1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
Debian has issued an advisory for this today (August 4): https://www.debian.org/lts/security/2020/dla-2312
MGA7-64 Plasma on Lenovo B50

No installation issues.
Ref bug 23474, tried to follow Len, tried xviewer

$ strace -o libx11.txt xviewer -s /mnt/beelden/fotos/

but I got:

(xviewer:2235): GLib-GIO-ERROR **: 14:49:40.635: Settings schema 'org.cinnamon.desktop.thumbnailers' is not installed
Trace/breakpoint trap (core dumped)

This issue has been raised in the Mageia forum, no answer to it.
Anyway, the trace shows

openat(AT_FDCWD, "/lib64/libX11.so.6", O_RDONLY|O_CLOEXEC) = 3

and

openat(AT_FDCWD, "/lib64/libX11-xcb.so.1", O_RDONLY|O_CLOEXEC) = 3

long before the crash, so my guess is it has nothing to do with it.
And xterm runs successfully and shows a call to /lib64/libX11.so.6.
So in line with Len's experience, this should be good to go.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
@Herman comment 5

That's odd - I ran

$ xviewer -s /data/images/screenstars/

and the slideshow started fine. My default image viewer is eom which it appeared to use. The requires list shows libcinnamon-desktop and libxviewer, neither of which are installed here. That implies it will work in the right circumstances, like having eom installed. libxviewer may allow it to handle images natively. These are just guesses though.

So, agreed, libx11 is good to go.
CC: (none) => tarazed25
Working OK here too, mga7-64, nvidia-current, plasma
CC: (none) => fri
Wow. A test, and two confirmations. Thanks, guys! Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0334.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED