xorg-server: Multiple vulnerabilities CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362
CVE-2020-14345: Out-Of-Bounds access in XkbSetNames function
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An out-of-bounds access in the XkbSetNames function may lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Reference:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
CVE-2020-14346: Integer underflow in the X input extension protocol
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents.
Reference:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
CVE-2020-14361: XkbSelectEvents Integer Underflow Privilege Escalation Vulnerability
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to a heap-buffer overflow may lead to privilege escalation.
Reference:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
CVE-2020-14362: XRecordRegisterClients Integer Underflow Privilege Escalation Vulnerability
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to a heap-buffer overflow may lead to privilege escalation.
Reference:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc