ALSA-2021:1804

[ALSA-2021:1804] Moderate: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips.

The following packages have been upgraded to a later upstream version: egl-wayland (1.1.5), libdrm (2.4.103), libglvnd (1.3.2), libinput (1.16.3), libwacom (1.6), mesa (20.3.3), xorg-x11-server (1.20.10). (BZ#1878160, BZ#1886648, BZ#1887654, BZ#1887655)

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346)

* xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)

* libX11: Integer overflow leads to double free in locale handling (CVE-2020-14363)

* xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712)

* libX11: Heap overflow in the X input method client (CVE-2020-14344)

* xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	xorg-x11-drivers-7.7-30.el8.aarch64.rpm	194dfee5d3d98f31991d1332846f87b7ae54d977c26f24177bcb1a6e2a7750c4
i686	xorg-x11-server-devel-1.20.10-1.el8.i686.rpm	19551232f7a85953b82c7e4ec57fb7c698056fff3d93f2c4ba3be8ded993d6d2
i686	mesa-libgbm-devel-20.3.3-2.el8.i686.rpm	1e3e2aa1a0b5f0cd5b811cf78c23a59dbaa151c8720ba79b870f848965d4d5db
i686	libinput-devel-1.16.3-1.el8.i686.rpm	39e1260023f8522143b24b8e34d89fb8eee23b96b49b6a88a284df713d213e31
i686	mesa-libOSMesa-devel-20.3.3-2.el8.i686.rpm	471bf48ccaf9bf2ad9512782b82b9ffc2b12311087a94eb610896d0f708ef622
i686	libglvnd-core-devel-1.3.2-1.el8.i686.rpm	47c925328373e9c68cfcd32644b46543e96c02bf2dd00c8ce0e50c90284c5e27
i686	libglvnd-1.3.2-1.el8.i686.rpm	56686bdea7333770ca5f8660caba4b15f9f4dd1c2125103ee9f0e99ec4759ea5
i686	libglvnd-gles-1.3.2-1.el8.i686.rpm	6a73dd41de90af27d5e902a634ccea969d4636fb5b72a2755a8beb03bb8d31b7
i686	libglvnd-opengl-1.3.2-1.el8.i686.rpm	c0eeb5070c374d040672d674c3642886e5e896e99c4728b1f4aec3570eaba06d
i686	libglvnd-devel-1.3.2-1.el8.i686.rpm	c2a1b7e0185187862a79b881b95385563e2e74870fd7f5d0d7a507def612827a
i686	libglvnd-egl-1.3.2-1.el8.i686.rpm	c657b542586b00f104268d73edd7f674865ab7fda0071020df4ace379556e525
i686	libwacom-devel-1.6-2.el8.i686.rpm	e3e0725a33b4507174708ead9ffce7d270613468d9aba06c3ce88bfb321f0beb
i686	libglvnd-glx-1.3.2-1.el8.i686.rpm	f7e52a00386d132e7491adbe94e9096c2d8b30f2a319aea9cfdac37b748406c2
noarch	xorg-x11-server-source-1.20.10-1.el8.noarch.rpm	868a17bed90a5b55365610656de1a89ddfbed3f7b7063a839803c885be0d711a
ppc64le	xorg-x11-drivers-7.7-30.el8.ppc64le.rpm	806266360393bc0baca2f38ba1aec85a57ec3a87fecb093c2cae1c4fa6a7df38
x86_64	libglvnd-egl-1.3.2-1.el8.x86_64.rpm	093ee56fb2bb6d7beec6791080292a26879c275eb12a835502e9fcad9c87879b
x86_64	libglvnd-devel-1.3.2-1.el8.x86_64.rpm	0b9b9837c38d0a3029587679efe800862a99bd2eeee350c911b5f7e5a39e2d22
x86_64	libglvnd-opengl-1.3.2-1.el8.x86_64.rpm	24809a0e81b8b5de21612c2886254b21ae30930ec9980196e9ebe501ca68d0c6
x86_64	mesa-libgbm-devel-20.3.3-2.el8.x86_64.rpm	3d923975a56e2d1bb74e3498b23660b7ada0934d4aefbae0adb2394e460b486e
x86_64	libwacom-devel-1.6-2.el8.x86_64.rpm	486c9962a01d3b291c5a1a5d9c0d2c010dbe2b3fe3039b021a01a77418af5622
x86_64	mesa-libOSMesa-devel-20.3.3-2.el8.x86_64.rpm	4d866018fe4354bc4789ed29f41e253c034b5cf6563d98cb2d637f3a73a3e31b
x86_64	xorg-x11-server-devel-1.20.10-1.el8.x86_64.rpm	6d8e73967f8f7f21d6d6ce925ff51e8a7760d45e7248f270bf7e57bca7f7ebad
x86_64	libglvnd-core-devel-1.3.2-1.el8.x86_64.rpm	90c7f8c58b672a6532cac94dde1cd4873bfda179b12dc0950acf1a287af4ab34
x86_64	libglvnd-glx-1.3.2-1.el8.x86_64.rpm	b0bde91e89a20d5046a845fbeeaf6a70e71e6ce9ead3522dd346723f40f1335f
x86_64	libglvnd-gles-1.3.2-1.el8.x86_64.rpm	d4c1604341c3a59d170f50bd69235ad6c5a1006a53baaa607ea0094eb3112c1e
x86_64	libinput-devel-1.16.3-1.el8.x86_64.rpm	d4e8336bfa5e8d01848538bfb4d9a8900389c702205ba24124e3b4649a2af618
x86_64	xorg-x11-drivers-7.7-30.el8.x86_64.rpm	eb35ae4d5ee9942e07dd445279373104b769489b6c42bc418dac5fa71b5420da
x86_64	libglvnd-1.3.2-1.el8.x86_64.rpm	f9e1480bf2664cc7a291932dc2275ae626bc7b86c08b505c72973caca25b6ca0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.