安全公告详情

NS-SA-2021-0013

2021-03-09 13:05:13

简介

important: freetype/xorg-x11-server security update

严重级别

important

主题

An update for freetype/xorg-x11-server is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

freetype: The freetype-devel package includes the static libraries and header files for the FreeType font rendering engine. Install freetype-devel if you want to develop programs which will use FreeType.
xorg-x11-server: The SDK package provides the developmental files which are necessary for developing X server driver modules, and for compiling driver modules outside of the standard X11 source code tree. Developers writing video drivers, input drivers, or other X modules should install this package.


Security Fix(es):
freetype: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)
freetype: bugfix
xorg-x11-server: A flaw was found in the way the Xserver memory was not properly initialized. This issue leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass.(CVE-2020-14347)
xorg-x11-server: A flaw was found in xorg-x11-server. A integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14346)
xorg-x11-server: A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14345)
xorg-x11-server: A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14361)
xorg-x11-server: A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14362)
xorg-x11-server: A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14360)
xorg-x11-server: A flaw was found in xorg-x11-server. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25712)
xorg-x11-server: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F29B5.

影响组件

  • freetype
  • xorg-x11-server

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["freetype-2.8-14.el7_9.1.x86_64.rpm","freetype-demos-2.8-14.el7_9.1.x86_64.rpm","freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm","freetype-devel-2.8-14.el7_9.1.x86_64.rpm"],"source":"freetype-2.8-14.el7_9.1.src.rpm"},{"binary":["xorg-x11-server-debuginfo-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xdmx-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-devel-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xorg-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-source-1.20.4-15.el7_9.noarch.rpm","xorg-x11-server-common-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xnest-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xvfb-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xwayland-1.20.4-15.el7_9.x86_64.rpm"],"source":"xorg-x11-server-1.20.4-15.el7_9.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["freetype-2.8-14.el7_9.1.x86_64.rpm","freetype-demos-2.8-14.el7_9.1.x86_64.rpm","freetype-debuginfo-2.8-14.el7_9.1.x86_64.rpm","freetype-devel-2.8-14.el7_9.1.x86_64.rpm"],"source":"freetype-2.8-14.el7_9.1.src.rpm"},{"binary":["xorg-x11-server-debuginfo-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xdmx-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-devel-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xorg-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-source-1.20.4-15.el7_9.noarch.rpm","xorg-x11-server-common-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xnest-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xvfb-1.20.4-15.el7_9.x86_64.rpm","xorg-x11-server-Xwayland-1.20.4-15.el7_9.x86_64.rpm"],"source":"xorg-x11-server-1.20.4-15.el7_9.src.rpm"}]}]}

CVE

参考