xorg-x11-server-1.17.4-18.0.2.AXS4

X.Org is an open-source implementation of the X Window System. It provides the
basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)
xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege
escalation vulnerability (CVE-2020-25712)
xorg-x11-server: Leak of uninitialized heap memory from the X server to
clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVE-2020-14360
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-25712
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.