X.Org libX11 security advisory: August 25, 2020
Matthieu Herrb
matthieu at herrb.eu
Tue Aug 25 15:18:33 UTC 2020
Double free in libX11 locale handling code
==========================================
CVE-2020-14363
There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free.
Patches
-------
A Patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.
https://gitlab.freedesktop.org/xorg/lib/libx11
commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)
Fix an integer overflow in init_om()
CVE-2020-14363
This can lead to a double free later, as reported by Jayden Rivers.
Thanks
------
X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding them and providing fixes.
--
Matthieu Herrb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20200825/028e367f/attachment.sig>
More information about the xorg-devel
mailing list