X.org has issued an advisory on August 25: https://lists.x.org/archives/xorg-announce/2020-August/003058.html The issues are fixed upstream in 1.20.9: https://lists.x.org/archives/xorg-announce/2020-August/003059.html Updated packages uploaded for Mageia 7 and Cauldron. Advisory: ======================== Updated x11-server packages fix security vulnerabilities: The handler for the XkbSetNames request does not validate the request length before accessing its contents (CVE-2020-14345). An integer underflow exists in the handler for the XIChangeHierarchy request (CVE-2020-14346). An integer underflow exist in the handler for the XkbSelectEvents request (CVE-2020-14361). An integer underflow exist in the handler for the CreateRegister request of the X record extension (CVE-2020-14362). The x11-server package has been updated to version 1.20.9, fixing these issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362 https://lists.x.org/archives/xorg-announce/2020-August/003059.html https://lists.x.org/archives/xorg-announce/2020-August/003058.html ======================== Updated packages in core/updates_testing: ======================== x11-server-1.20.9-1.mga7 x11-server-common-1.20.9-1.mga7 x11-server-xorg-1.20.9-1.mga7 x11-server-xnest-1.20.9-1.mga7 x11-server-xdmx-1.20.9-1.mga7 x11-server-xvfb-1.20.9-1.mga7 x11-server-xephyr-1.20.9-1.mga7 x11-server-xwayland-1.20.9-1.mga7 x11-server-devel-1.20.9-1.mga7 x11-server-source-1.20.9-1.mga7 from x11-server-1.20.9-1.mga7.src.rpm
QA Contact: (none) => securitySeverity: normal => major
Component: RPM Packages => Security
Work well with x11-driver-nvidia-current nonfree Plasma 5.15 x86_64. Suspend/Resume is OK also.
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0350.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED