First published: Thu Jul 30 2020
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.Org libX11 | <1.6.10 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
redhat/libX11 | <1.6.10 | 1.6.10 |
ubuntu/libx11 | <2:1.6.2-1ubuntu2.1+ | 2:1.6.2-1ubuntu2.1+ |
ubuntu/libx11 | <2:1.6.10-1 | 2:1.6.10-1 |
ubuntu/libx11 | <2:1.6.4-3ubuntu0.3 | 2:1.6.4-3ubuntu0.3 |
ubuntu/libx11 | <2:1.6.9-2ubuntu1.1 | 2:1.6.9-2ubuntu1.1 |
ubuntu/libx11 | <2:1.6.3-1ubuntu2.2 | 2:1.6.3-1ubuntu2.2 |
debian/libx11 | 2:1.6.7-1+deb10u2 2:1.6.7-1+deb10u4 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1 |
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/d15c24c8b44be5e4054c8ecd0ff9dcf2c8e18e5b
The vulnerability ID for this security issue is CVE-2020-14344.
CVE-2020-14344 has a severity level of medium.
The affected software for CVE-2020-14344 includes X.Org libX11, Ubuntu, Red Hat, IBM Cloud Pak for Security, Fedora, Canonical Ubuntu Linux, and openSUSE Leap.
A local attacker can exploit CVE-2020-14344 by sending specially-crafted messages to the X Input Method (XIM) client implementation.
Remedies are available for CVE-2020-14344. Please refer to the provided references for more information.