Security update for libX11 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1370-1 Final 1 1 2020-09-07T08:29:12Z current 2020-09-07T08:29:12Z 2020-09-07T08:29:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libX11 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1370 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOZDBASQU5F6WB6XA5TE34NSNFRLX63O/ E-Mail link for openSUSE-SU-2020:1370-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1175239 SUSE Bug 1175239 https://www.suse.com/security/cve/CVE-2020-14363/ SUSE CVE CVE-2020-14363 page openSUSE Leap 15.2 libX11-6-1.6.5-lp152.5.9.1 libX11-6-32bit-1.6.5-lp152.5.9.1 libX11-data-1.6.5-lp152.5.9.1 libX11-devel-1.6.5-lp152.5.9.1 libX11-devel-32bit-1.6.5-lp152.5.9.1 libX11-xcb1-1.6.5-lp152.5.9.1 libX11-xcb1-32bit-1.6.5-lp152.5.9.1 libX11-6-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-6-32bit-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-data-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-devel-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-devel-32bit-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-xcb1-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 libX11-xcb1-32bit-1.6.5-lp152.5.9.1 as a component of openSUSE Leap 15.2 An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. CVE-2020-14363 openSUSE Leap 15.2:libX11-6-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-6-32bit-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-data-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-devel-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-devel-32bit-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-xcb1-1.6.5-lp152.5.9.1 openSUSE Leap 15.2:libX11-xcb1-32bit-1.6.5-lp152.5.9.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOZDBASQU5F6WB6XA5TE34NSNFRLX63O/ https://www.suse.com/security/cve/CVE-2020-14363.html CVE-2020-14363 https://bugzilla.suse.com/1175239 SUSE Bug 1175239