diff options
| author | Fredrik Rinnestam <fredrik@crux.nu> | 2020-12-01 19:02:53 +0100 |
|---|---|---|
| committer | Fredrik Rinnestam <fredrik@crux.nu> | 2020-12-01 19:02:53 +0100 |
| commit | d139c538191733ae53cbd8d28ce3275f95aabcdc (patch) | |
| tree | 783912ec5b1041d3ae9c53629ca519988f69150c /xorg-server | |
| parent | 37aa6033a4ceaa8cb3040d4061efb285f474b597 (diff) | |
| download | xorg-d139c538191733ae53cbd8d28ce3275f95aabcdc.tar.gz xorg-d139c538191733ae53cbd8d28ce3275f95aabcdc.tar.xz | |
[notify] xorg-server: 1.20.10. Fixes for CVE-2020-14360, CVE-2020-25712
Multiple input validation failures in X server XKB extension
============================================================
These issues can lead to privileges elevations for authorized clients
on systems where the X server is running privileged.
* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.
* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
Insufficient checks on input of the XkbSetDeviceInfo request can lead
to a buffer overflow on the head in the X server.
Diffstat (limited to 'xorg-server')
| -rw-r--r-- | xorg-server/.signature | 6 | ||||
| -rw-r--r-- | xorg-server/Pkgfile | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/xorg-server/.signature b/xorg-server/.signature index b16c38d7..7e6329ea 100644 --- a/xorg-server/.signature +++ b/xorg-server/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/xorg.pub -RWTSGWF5Q7TndLiXG/Mse5mSkOO2Qzva0uXLVaAem+/I1MX/GcGGnjNs2okLKyzG3wB5Yffqou//IE6o6W/IQ9jld2nVIqqATQQ= -SHA256 (Pkgfile) = 5e27a4794eae50de0b5ed40522481ba0889d31016808f081cc50b16aee5a0b83 +RWTSGWF5Q7TndGMXoWb+WtrcCadowj6ixbUkX1TOFZ+ysPp8DAjN6UvkF+9DZlb3fulCIF8Oe3YAI+gG02W3ayt3glv/hreengk= +SHA256 (Pkgfile) = ed42a86d4d3166f51df11f3e82373fd8e52a10056620a818986e19a45d870083 SHA256 (.footprint) = d159a275a4868001332954580ab4f70976c97a80334b157023935b36722e50cd -SHA256 (xorg-server-1.20.9.tar.bz2) = e219f2e0dfe455467939149d7cd2ee53b79b512cc1d2094ae4f5c9ed9ccd3571 +SHA256 (xorg-server-1.20.10.tar.bz2) = 977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99 diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile index 66cf40f5..abb39b04 100644 --- a/xorg-server/Pkgfile +++ b/xorg-server/Pkgfile @@ -4,7 +4,7 @@ # Depends on: libepoxy xorg-bdftopcf xorg-font-util xorg-libdmx xorg-libxaw xorg-libxcomposite xorg-libxcursor xorg-libxfont2 xorg-libxft xorg-libxinerama xorg-libxkbfile xorg-libxres xorg-libxtst xorg-libxxf86dga xorg-mkfontscale xorg-xcb-util-keysyms name=xorg-server -version=1.20.9 +version=1.20.10 release=1 source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.bz2) |