xorg-x11-server-1.17.4-18.0.2.AXS4

エラータID: AXSA:2021-1136:01

リリース日: 
2021/01/13 Wednesday - 08:38
題名: 
xorg-x11-server-1.17.4-18.0.2.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Xorg-x11 には、xserver メモリが正しく初期化されず、 X クライアントに
サーバーの一部のメモリの内容が漏えいしてしまう問題があり、昇格した権限で
Xorg サーバーが実行される場合、ASLR をバイパスできる可能性のある
脆弱性があります。(CVE-2020-14347)

- xorg-x11-server の XkbSetDeviceInfo には、ヒープベースの
バッファーオーバーフローの問題があり、権限昇格が可能になる
脆弱性があります。(CVE-2020-25712)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVE-2020-14360
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-25712
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. xorg-x11-server-1.17.4-18.0.2.AXS4.src.rpm
    MD5: 4bca6f85ebc3546e2b8489d03d91961e
    SHA-256: b0aacaaf535f72658cb24b5194572db29f91ab4d2ab2c3594d2788ceb3d3a426
    Size: 5.60 MB

Asianux Server 4 for x86
  1. xorg-x11-server-common-1.17.4-18.0.2.AXS4.i686.rpm
    MD5: a11542307a9cc6416cc56666641387c3
    SHA-256: 20bc2cd986a37651f42a21f413f6e710520d6b65f4f44095a436ac0ff450c873
    Size: 50.82 kB
  2. xorg-x11-server-devel-1.17.4-18.0.2.AXS4.i686.rpm
    MD5: 914690f3000ec79fbc2b9d5abedc7563
    SHA-256: 46a430f5a0f95d4997f1532d546724bff59ed011660f71b339604bbfd8efa0ab
    Size: 257.60 kB
  3. xorg-x11-server-Xephyr-1.17.4-18.0.2.AXS4.i686.rpm
    MD5: d0583f99045f784ba0388d6fab583b58
    SHA-256: 357e339dc5046dd812454e93011e8ae6745752827cbc03bd50cb4fb065155cf3
    Size: 0.97 MB
  4. xorg-x11-server-Xorg-1.17.4-18.0.2.AXS4.i686.rpm
    MD5: 81af24962b77b941cc73de53221aacea
    SHA-256: 898f4324deadd8db3b2a5094bf6338fa38d54d6cd65c1aa1851b356cf44c7817
    Size: 1.39 MB

Asianux Server 4 for x86_64
  1. xorg-x11-server-common-1.17.4-18.0.2.AXS4.x86_64.rpm
    MD5: bed89eca258431716baa6814e7664ce8
    SHA-256: ee226093cd34c7901ae0739a0de86e5634bd782341f78a3869d4faf85877765c
    Size: 50.38 kB
  2. xorg-x11-server-devel-1.17.4-18.0.2.AXS4.x86_64.rpm
    MD5: 3509a45ed6bc96b5c8e2a126add6e059
    SHA-256: 46c03ca3d4cd8a2dd03ed9c5f4423e12b04648b764d07f7e9997a62d9334bf23
    Size: 257.13 kB
  3. xorg-x11-server-Xephyr-1.17.4-18.0.2.AXS4.x86_64.rpm
    MD5: 02ae63b9e1bc75e234a1483c6c2fa4f4
    SHA-256: a44dc675aa809f57e7dd0a413ab4baed52168a7d16d8ad86ff60e920bfea982b
    Size: 0.96 MB
  4. xorg-x11-server-Xorg-1.17.4-18.0.2.AXS4.x86_64.rpm
    MD5: 0cd125cf3550d5e3df3f2e02071be159
    SHA-256: f40adc02b7d994c8cf9e211c5dc64a29f314d45f55033b65351330c21050258c
    Size: 1.41 MB