HIGH8.8
Уязвимость библиотеки шрифтов операционных систем Windows, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CReferences
ALT-PU-2020-2670-1Package update xorg-server in branch sisyphus
Severity:
Closed issues (12)
MEDIUM5.3
Уязвимость сервера X Window System Xorg-server, связанная с некорректной инициализацией памяти, позволяющая нарушителю вызвать утечку части серверной памяти для клиента Xorg-server
CVSS 3.xMEDIUM 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NReferences
MEDIUM5.9
Уязвимость функции SProcRecordQueryVersion сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM5.9
Уязвимость функции SProcXkbSelectEvents сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM5.9
Уязвимость функции ProcXIChangeHierarchy сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PReferences
MEDIUM5.9
Уязвимость функции XkbSetNamesCheck из xkb.c сервера X Window System Xorg-server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.openwall.com/lists/oss-security/2021/01/15/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1862241
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://usn.ubuntu.com/4490-1/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1416/
- http://www.openwall.com/lists/oss-security/2021/01/15/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1862241
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://usn.ubuntu.com/4490-1/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1416/
HIGH7.8
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
MEDIUM5.5
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NReferences
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2
HIGH8.8
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://www.openwall.com/lists/oss-security/2020/08/25/3
- http://www.openwall.com/lists/oss-security/2020/08/25/5
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
- https://www.zerodayinitiative.com/advisories/ZDI-20-877/
- http://www.openwall.com/lists/oss-security/2020/08/25/3
- http://www.openwall.com/lists/oss-security/2020/08/25/5
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
- https://www.zerodayinitiative.com/advisories/ZDI-20-877/
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- https://bugzilla.redhat.com/show_bug.cgi?id=1869142
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1418/
- https://bugzilla.redhat.com/show_bug.cgi?id=1869142
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1418/
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- https://bugzilla.redhat.com/show_bug.cgi?id=1869144
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1419/
- https://bugzilla.redhat.com/show_bug.cgi?id=1869144
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1419/