Security update for libX11 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1198-1 Final 1 1 2020-08-14T08:15:59Z current 2020-08-14T08:15:59Z 2020-08-14T08:15:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libX11 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1198 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YV5KQYECZBOSWWBD6T2Y7PEFRM5EWYLG/ E-Mail link for openSUSE-SU-2020:1198-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174628 SUSE Bug 1174628 https://www.suse.com/security/cve/CVE-2020-14344/ SUSE CVE CVE-2020-14344 page openSUSE Leap 15.1 libX11-6-1.6.5-lp151.4.6.1 libX11-6-32bit-1.6.5-lp151.4.6.1 libX11-data-1.6.5-lp151.4.6.1 libX11-devel-1.6.5-lp151.4.6.1 libX11-devel-32bit-1.6.5-lp151.4.6.1 libX11-xcb1-1.6.5-lp151.4.6.1 libX11-xcb1-32bit-1.6.5-lp151.4.6.1 libX11-6-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-6-32bit-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-data-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-devel-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-devel-32bit-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-xcb1-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 libX11-xcb1-32bit-1.6.5-lp151.4.6.1 as a component of openSUSE Leap 15.1 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. CVE-2020-14344 openSUSE Leap 15.1:libX11-6-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-6-32bit-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-data-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-devel-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-devel-32bit-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-xcb1-1.6.5-lp151.4.6.1 openSUSE Leap 15.1:libX11-xcb1-32bit-1.6.5-lp151.4.6.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YV5KQYECZBOSWWBD6T2Y7PEFRM5EWYLG/ https://www.suse.com/security/cve/CVE-2020-14344.html CVE-2020-14344 https://bugzilla.suse.com/1174628 SUSE Bug 1174628 https://bugzilla.suse.com/1174638 SUSE Bug 1174638 https://bugzilla.suse.com/1175880 SUSE Bug 1175880