thr3ads.net - xorg announce - X.Org server security advisory: December 1, 2020 [Dec 2020]

If this information is useful, please help other people find it:
Share via:

Matthieu Herrb

2020-Dec-01 15:13 UTC

X.Org server security advisory: December 1, 2020

X.Org server security advisory: December 1, 2020


Multiple input validation failures in X server XKB extension
===========================================================
These issues can lead to privileges elevations for authorized clients
on systems where the X server is running privileged.

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

Insufficient checks on input of the XkbSetDeviceInfo request can lead
to a buffer overflow on the head in the X server.

Patches
-------

Patches for these issues have been committed to the xorg server git
repository. xorg-server 1.20.10 will be released shortly and will
include these patches.


https://gitlab.freedesktop.org/xorg/xserver.git

commit 446ff2d3177087b8173fa779fa5b77a2a128988b

    Check SetMap request length carefully.
    
    Avoid out of bounds memory accesses on too short request.

    ZDI-CAN 11572 /  CVE-2020-14360


commit 87c64fc5b0db9f62f4e361444f4b60501ebf67b9

    Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows

    ZDI-CAN 11389 / CVE-2020-25712


Thanks
=====
These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.


-- 
Matthieu Herrb

xorg announce - Dec 2020 - X.Org server security advisory: December 1, 2020

X.Org server security advisory: December 1, 2020