CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
Multiple input validation failures in X server extensions
=========================================================
All these issues can lead to local privilege elevation
on systems where the X server is running privileged.
* CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access
The handler for the XkbSetNames request does not validate the request
length before accessing its contents.
* CVE-2020-14346 / ZDI CAN 11429 XIChangeHierarchy Integer Underflow
An integer underflow exists in the handler for the XIChangeHierarchy
request.
* CVE-2020-14361 / ZDI CAN 11573 XkbSelectEvents Integer Underflow
An integer underflow exists in the handler for the XkbSelectEvents
request.
* CVE-2020-14362 / ZDI CAN 11574 XRecordRegisterClients Integer Underflow
An integer underflow exists in the handler for the CreateRegister
request of the X record extension.
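
The advisory gives no code for these length bugs. The C sketch below is an added example, not X server code: it assumes one common form of the problem, an unsigned "bytes left" counter reduced by a client-supplied length with no prior comparison, and shows a bounds-checked walk over a variable-length request. The request layout and the names req_hdr, item_hdr, remaining_unchecked and validate_request are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout (not the X server's real structs):
 * a fixed header followed by num_items records, each starting with
 * a 2-byte type and a 2-byte length counted in 4-byte units. */
typedef struct { uint16_t req_len; uint8_t num_items; uint8_t pad; } req_hdr;
typedef struct { uint16_t type; uint16_t length; } item_hdr;

/* Unsafe pattern: subtracts from an unsigned "bytes left" counter without
 * checking first, so a short request wraps it to a huge value. */
size_t remaining_unchecked(size_t total, size_t consumed)
{
    return total - consumed;          /* wraps when consumed > total */
}

/* Hardened walk: returns 0 if every record lies inside the buffer,
 * -1 otherwise. Each subtraction is preceded by a comparison. */
int validate_request(const uint8_t *buf, size_t buf_len)
{
    req_hdr hdr;
    size_t left, off;

    if (buf_len < sizeof hdr)
        return -1;                    /* header itself is truncated */
    memcpy(&hdr, buf, sizeof hdr);
    if ((size_t)hdr.req_len * 4 != buf_len)
        return -1;                    /* declared length must match */

    off = sizeof hdr;
    left = buf_len - off;             /* safe: checked above */
    for (unsigned i = 0; i < hdr.num_items; i++) {
        item_hdr it;
        size_t item_bytes;

        if (left < sizeof it)
            return -1;                /* no room for the record header */
        memcpy(&it, buf + off, sizeof it);
        item_bytes = (size_t)it.length * 4;
        if (item_bytes < sizeof it || item_bytes > left)
            return -1;                /* zero-length or overlong record */
        off += item_bytes;
        left -= item_bytes;           /* cannot underflow now */
    }
    return left == 0 ? 0 : -1;        /* reject trailing bytes */
}
```
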
Double free in libX11 locale handling code
==========================================
CVE-2020-14363
There is an integer overflow and a double free vulnerability in the way
libX11 handles locales. The integer overflow is a necessary precursor to
the double free.
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
The allocation for pixmap data in AllocatePixmap() in xserver does not
initialize the memory, which leaks uninitialized heap memory to
clients. When the X server runs with elevated privileges, this flaw
can lead to ASLR bypass, which when combined with other flaws
(known/unknown) could lead to privilege elevation in the
client.
X.Org security advisory: July 31, 2020
Heap corruption in the X input method client in libX11
======================================================
CVE-2020-14344
The X Input Method (XIM) client implementation in libX11 has some
integer overflows and signed/unsigned comparison issues that can lead
to heap corruption when handling malformed messages from an input
method.