{"schema_version":"1.7.2","id":"OESA-2021-1078","modified":"2021-03-05T11:02:41Z","published":"2021-03-05T11:02:41Z","upstream":["CVE-2020-25712","CVE-2020-14347"],"summary":"xorg-x11-server security update","details":"X.Org X11 X server.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25712)\r\n\r\nA flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.(CVE-2020-14347)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"xorg-x11-server","purl":"pkg:rpm/openEuler/xorg-x11-server\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.8-4.oe1"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-debuginfo-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-debuginfo-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.aarch64.rpm"],"noarch":["xorg-x11-server-help-1.20.8-4.oe1.noarch.rpm","xorg-x11-server-help-1.20.8-4.oe1.noarch.rpm"],"src":["xorg-x11-server-1.20.8-4.oe1.src.rpm","xorg-x11-server-1.20.8-4.oe1.src.rpm"],"x86_64":["xorg-x11-server-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debuginfo-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debuginfo-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"xorg-x11-server","purl":"pkg:rpm/openEuler/xorg-x11-server\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.8-4.oe1"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-debuginfo-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.aarch64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.aarch64.rpm"],"noarch":["xorg-x11-server-help-1.20.8-4.oe1.noarch.rpm"],"src":["xorg-x11-server-1.20.8-4.oe1.src.rpm"],"x86_64":["xorg-x11-server-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debuginfo-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-debugsource-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-devel-1.20.8-4.oe1.x86_64.rpm","xorg-x11-server-Xephyr-1.20.8-4.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1078"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25712"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14347"}],"database_specific":{"severity":"High"}}