Threat Encyclopedia

RHSA-2021:1804-Security Advisory

Description

The vulnerabilities in the following products could cause the system to become vulnerable to malicious security attack: egl-wayland

Analysis

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips. The following packages have been upgraded to a later upstream version: egl-wayland (1.1.5), libdrm (2.4.103), libglvnd (1.3.2), libinput (1.16.3), libwacom (1.6), mesa (20.3.3), xorg-x11-server (1.20.10). (BZ#1878160, BZ#1886648, BZ#1887654, BZ#1887655) Security Fix(es): xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360) xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361) xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362) libX11: Integer overflow leads to double free in locale handling (CVE-2020-14363) xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712) libX11: Heap overflow in the X input method client (CVE-2020-14344) xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347) xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345) xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346) xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360) xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361) xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362) libX11: Integer overflow leads to double free in locale handling (CVE-2020-14363) xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712) libX11: Heap overflow in the X input method client (CVE-2020-14344) xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

Affected Products

egl-wayland