Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-14344

Published: 5 August 2020

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Notes

AuthorNote
seth-arnold 
Debian triage notes the original fixes introduced regression
mdeslaur 
a second regression was reported in bug 117

Priority

Medium

Cvss 3 Severity Score

6.7

Score breakdown

Status

Package Release Status
libx11
Launchpad, Ubuntu, Debian 		bionic
Released (2:1.6.4-3ubuntu0.3)
focal
Released (2:1.6.9-2ubuntu1.1)
trusty
Released (2:1.6.2-1ubuntu2.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (2:1.6.10-1)
xenial
Released (2:1.6.3-1ubuntu2.2)
Patches:
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/d15c24c8b44be5e4054c8ecd0ff9dcf2c8e18e5b

Severity score breakdown

Parameter Value
Base score 6.7
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading