CVE-2020-14344

Published: 05 August 2020

An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Priority

Medium

CVSS 3 base score: 6.7

Status

Package: libx11 (Launchpad, Ubuntu, Debian)

Release                              Status
Upstream                             Released (2:1.6.10-1)
Ubuntu 20.10 (Groovy Gorilla)        Not vulnerable (2:1.6.10-3)
Ubuntu 20.04 LTS (Focal Fossa)       Released (2:1.6.9-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver)     Released (2:1.6.4-3ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus)      Released (2:1.6.3-1ubuntu2.2)
Ubuntu 14.04 ESM (Trusty Tahr)       Released (2:1.6.2-1ubuntu2.1+esm1)
Ubuntu 12.04 ESM (Precise Pangolin)  Released (2:1.4.99.1-0ubuntu2.5)

Patches:
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b (regression fix)
Upstream: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/d15c24c8b44be5e4054c8ecd0ff9dcf2c8e18e5b (rf #2)