ALT Linux Team

Package xorg-server update in sisyphus on 2020-08-26

ALT-PU-2020-2670-1

Package xorg-server updated to version 1.20.9-alt1 for branch sisyphus in task 256796.

Closed vulnerabilities

Published: 2020-07-24
Modified: 2024-09-16

BDU:2020-03504

Уязвимость библиотеки шрифтов операционных систем Windows, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2020-08-14
Modified: 2025-04-23

BDU:2020-03915

Уязвимость сервера X Window System Xorg-server, связанная с некорректной инициализацией памяти, позволяющая нарушителю вызвать утечку части серверной памяти для клиента Xorg-server

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2021-01-14
Modified: 2023-11-21

BDU:2021-00126

Уязвимость функции SProcRecordQueryVersion сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2021-01-14
Modified: 2024-09-16

BDU:2021-00127

Уязвимость функции SProcXkbSelectEvents сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2021-01-14
Modified: 2024-09-16

BDU:2021-00128

Уязвимость функции ProcXIChangeHierarchy сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2021-05-20
Modified: 2023-11-21

BDU:2021-02598

Уязвимость функции XkbSetNamesCheck из xkb.c сервера X Window System Xorg-server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2020-09-15
Modified: 2024-11-21

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-09-15
Modified: 2025-08-29

CVE-2020-14346

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-08-05
Modified: 2025-08-29

CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2020-07-14
Modified: 2024-11-21

CVE-2020-1436

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2020-09-15
Modified: 2025-08-29

CVE-2020-14361

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-09-15
Modified: 2025-08-29

CVE-2020-14362

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top