oss-sec mailing list archives
X.Org libX11 security advisory: August 25, 2020
From: Matthieu Herrb <matthieu () herrb eu>
Date: Tue, 25 Aug 2020 17:36:21 +0200
Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the
way LibX11 handles locales. The integer overflow is a necessary
precursor to the double free.

Patches
-------

A patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11

commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

    Fix an integer overflow in init_om()

    CVE-2020-14363

    This can lead to a double free later, as reported by Jayden Rivers.

Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding them and providing fixes.

--
Matthieu Herrb