CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
Multiple input validation failures in X server extensions
=========================================================
All these issues can lead to local privilege elevation
on systems where the X server is running privileged.

* CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access

  The handler for the XkbSetNames request does not validate the request
  length before accessing its contents.

* CVE-2020-14346 / ZDI CAN 11429 XIChangeHierarchy Integer Underflow

  An integer underflow exists in the handler for the XIChangeHierarchy
  request.

* CVE-2020-14361 / ZDI CAN 11573 XkbSelectEvents Integer Underflow

  An integer underflow exists in the handler for the XkbSelectEvents
  request.

* CVE-2020-1436 / ZDI CAN 11574 XRecordRegisterClients Integer Underflow

  An integer underflow exists in the handler for the CreateRegister
  request of the X record extension.
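
One common way a length underflow arises in a request handler, and the check that prevents it, shown as an added example. This is not xserver code: ``demo_req``, ``remaining_unchecked`` and ``validate_request`` are hypothetical names, and the only protocol fact assumed is that X11 request lengths are counted in 4-byte units.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request layout, NOT an xserver structure. As in the X11 wire
 * protocol, `length` is the client-supplied total size in 4-byte units. */
typedef struct {
    uint8_t  opcode, minor;
    uint16_t length;   /* total request size in 4-byte units */
    uint32_t count;    /* number of 4-byte items after the header */
} demo_req;

/* Flawed arithmetic: if length*4 < sizeof(demo_req) the unsigned
 * subtraction wraps to a huge "remaining" size instead of failing. */
size_t remaining_unchecked(const demo_req *req)
{
    return (size_t)req->length * 4 - sizeof(demo_req);
}

/* Hardened: 0 and *payload_len on success, -1 (reject) on a bad length. */
int validate_request(const void *buf, size_t received, size_t *payload_len)
{
    demo_req req;
    size_t total;

    if (received < sizeof(req))
        return -1;                   /* header itself is truncated */
    memcpy(&req, buf, sizeof(req));  /* copy out: buf may be unaligned */
    total = (size_t)req.length * 4;
    if (total < sizeof(req) || total > received)
        return -1;                   /* would underflow or read past buf */
    if (req.count != (total - sizeof(req)) / 4)
        return -1;                   /* item count disagrees with length */
    *payload_len = total - sizeof(req);
    return 0;
}

int main(void)
{
    demo_req r = { 1, 0, 1, 0 };     /* constructed: claims 4 bytes, header is 8 */
    size_t n;
    return validate_request(&r, sizeof(r), &n) == -1 ? 0 : 1;
}
```
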
Double free in libX11 locale handling code
==========================================
CVE-2020-14363
There is an integer overflow and a double free vulnerability in the way
libX11 handles locales. The integer overflow is a necessary precursor to
the double free.
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
Allocation for pixmap data in AllocatePixmap() in xserver does not
initialize the memory, which leaks uninitialized heap memory to
clients. When the X server runs with elevated privileges, this flaw
can lead to ASLR bypass, which when combined with other flaws
(known/unknown) could lead to privilege elevation in the client.
X.Org security advisory: July 31, 2020
Heap corruption in the X input method client in libX11
======================================================
CVE-2020-14344
The X Input Method (XIM) client implementation in libX11 has some
integer overflows and signed/unsigned comparison issues that can lead
to heap corruption when handling malformed messages from an input
method.

Upstream switched from autotools to meson, thus all libtool files
are gone. Rebuild all ports dependent on libdrm to fix wrong entries
in their *.la files, probably most of xorg-xf86-video-*.

Use the following script to find problematic ports:

    # List the ports owning files under /usr/lib that still reference libdrm.la
    for f in $(grep -lrs 'libdrm\.la' /usr/lib); do pkginfo -o "$f" | \
    awk '!/^Package/ {print $1}'; done | sort -u