HIGH8.8
Уязвимость библиотеки шрифтов операционных систем Windows, позволяющая нарушителю выполнить произвольный код
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS 2.0КРИТИЧЕСКАЯ 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CСсылки
ALT-PU-2020-2670-1Обновление пакета xorg-server в ветке sisyphus
Серьёзность:
Закрытые проблемы (12)
MEDIUM5.3
Уязвимость сервера X Window System Xorg-server, связанная с некорректной инициализацией памяти, позволяющая нарушителю вызвать утечку части серверной памяти для клиента Xorg-server
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NСсылки
MEDIUM5.9
Уязвимость функции SProcRecordQueryVersion сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PСсылки
MEDIUM5.9
Уязвимость функции SProcXkbSelectEvents сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PСсылки
MEDIUM5.9
Уязвимость функции ProcXIChangeHierarchy сервера X Window System Xorg-server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PСсылки
MEDIUM5.9
Уязвимость функции XkbSetNamesCheck из xkb.c сервера X Window System Xorg-server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PСсылки
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.openwall.com/lists/oss-security/2021/01/15/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1862241
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://usn.ubuntu.com/4490-1/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1416/
- http://www.openwall.com/lists/oss-security/2021/01/15/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1862241
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://usn.ubuntu.com/4490-1/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1416/
HIGH7.8
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
MEDIUM5.5
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2
HIGH8.8
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HСсылки
- http://www.openwall.com/lists/oss-security/2020/08/25/3
- http://www.openwall.com/lists/oss-security/2020/08/25/5
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
- https://www.zerodayinitiative.com/advisories/ZDI-20-877/
- http://www.openwall.com/lists/oss-security/2020/08/25/3
- http://www.openwall.com/lists/oss-security/2020/08/25/5
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
- https://www.zerodayinitiative.com/advisories/ZDI-20-877/
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://bugzilla.redhat.com/show_bug.cgi?id=1869142
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1418/
- https://bugzilla.redhat.com/show_bug.cgi?id=1869142
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1418/
HIGH7.8
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://bugzilla.redhat.com/show_bug.cgi?id=1869144
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1419/
- https://bugzilla.redhat.com/show_bug.cgi?id=1869144
- https://lists.x.org/archives/xorg-announce/2020-August/003058.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-2/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1419/