Multiple input validation failures in X server XKB extension
============================================================
These issues can lead to privileges elevations for authorized clients
on systems where the X server is running privileged.
* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.
* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
Insufficient checks on input of the XkbSetDeviceInfo request can lead
to a buffer overflow on the head in the X server.
CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
Multiple input validation failures in X server extensions
=========================================================
All theses issuses can lead to local privileges elevation
on systems where the X server is running privileged.
* CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access
The handler for the XkbSetNames request does not validate the request
length before accessing its contents.
* CVE-2020-14346 / ZDI CAN 11429 XIChangeHierarchy Integer Underflow
An integer underflow exists in the handler for the XIChangeHierarchy
request.
* CVE-2020-14361 / ZDI CAN 11573 XkbSelectEvents Integer Underflow
An integer underflow exist in the handler for the XkbSelectEvents
request.
* CVE-2020-1436 / ZDI CAN 11574 XRecordRegisterClients Integer Underflow
An integer underflow exist in the handler for the CreateRegister
request of the X record extension.
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.
This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.
