X.org has issued an advisory on July 31:
https://www.openwall.com/lists/oss-security/2020/07/31/2
The issue is fixed upstream in 1.20.9 and patched in Cauldron by Thierry.
Please file bugs if you're aware of a CVE before I am.
Upstream advisory reference: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
Advisory:
========================
Updated x11-server packages fix security vulnerability:
Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialized heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to privilege elevation in the client (CVE-2020-14347).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347
https://lists.x.org/archives/xorg-announce/2020-July/003051.html
========================
Updated packages in core/updates_testing:
========================
x11-server-1.20.8-1.1.mga7
x11-server-common-1.20.8-1.1.mga7
x11-server-xorg-1.20.8-1.1.mga7
x11-server-xnest-1.20.8-1.1.mga7
x11-server-xdmx-1.20.8-1.1.mga7
x11-server-xvfb-1.20.8-1.1.mga7
x11-server-xephyr-1.20.8-1.1.mga7
x11-server-xwayland-1.20.8-1.1.mga7
x11-server-devel-1.20.8-1.1.mga7
x11-server-source-1.20.8-1.1.mga7
from x11-server-1.20.8-1.1.mga7.src.rpm
Assignee: thierry.vignaud => qa-bugs
CC: (none) => thierry.vignaud
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 26573.
Rebooted after installation, no ill effects.
Run glmark2
Score: 928 has ever been slightly higher (and lower), so no concern here.
CC: (none) => herman.viaene
Real hardware - AMD Athlon x3, Nvidia 390 driver, Mate desktop
The following 3 packages are going to be installed:
- x11-server-common-1.20.8-1.1.mga7.x86_64
- x11-server-xorg-1.20.8-1.1.mga7.x86_64
- x11-server-xwayland-1.20.8-1.1.mga7.x86_64
Worked as expected after reboot.
CC: (none) => brtians1
mga7-64 OK here, running Plasma, nvidia-current, kernel 5.7.13-3
Everything is actually updated to testing per about 12 h ago.
No performance testing, but I experience no problems.
CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using nvidia-current; GeForce 635 series and later, 4k display.
CC: (none) => fri
5.7.14-desktop-1.mga7, x86_64
Installed everything from the list then logged in to several desktop environments in succession, running quick tests to see that general operations functioned normally.
NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.64
Dell 4K monitor.
No regressions noted for these:
Plasma
Cinnamon
Cinnamon (Software Rendering) - moving windows left a trail of intermediate images.
Enlightenment
GNOME - presumably Wayland
GNOME Classic
IceWM session
Xfce Session
Mate
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory and package list in Comment 2.
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0335.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED