RHSA-2020:20560 Red Hat Xwayland Integer Overflow/Info Disclosure Fixes

Vulnerability Overview Vulnerability Name: RHSA-2020:20560 - Security Advisory Vulnerability Type: Security Update Vulnerability Description: This security update addresses multiple vulnerabilities in xorg-x11-server-Xwayland, including integer underflow, information disclosure, and denial of service issues. Impact Scope Affected Products: - Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 - Red Hat Enterprise Linux Server - AUS 9.4 x86_64 - Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 ppc64le - Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le - Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 - Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le - Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 ppc64le - Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 - Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x - Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 - Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 - Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le - Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Remediation Remediation Measures: Apply the aforementioned security update to address the following vulnerabilities: - CVE-2020-33999: xorg-x11-server-Xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling - CVE-2020-34000: xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing - CVE-2020-34001: xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption - CVE-2020-34002: xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling - CVE-2020-34003: xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access POC or Exploit Code No POC or exploit code is included on the page. Reference Links Red Hat Product Errata RHSA-2020:20560 - Security Advisory Release Date Release Date: 2020-05-26 Update Date: 2020-05-26 Summary This security update addresses multiple critical vulnerabilities in xorg-x11-server-Xwayland, affecting several versions of Red Hat Enterprise Linux. It is recommended to apply this update promptly to remediate these vulnerabilities.

Goal Reached Thanks to every supporter — we hit 100%!

RHSA-2020:20560 Red Hat Xwayland Integer Overflow/Info Disclosure Fixes

More from this source