Synopsis:          Important: xorg-x11-server security update
Advisory ID:       SLSA-2020:4910-1
Issue Date:        2020-11-04
CVE Numbers:       CVE-2020-14345
                   CVE-2020-14346
                   CVE-2020-14361
                   CVE-2020-14362

--

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function
(CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol
(CVE-2020-14346)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation
vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege
escalation vulnerability (CVE-2020-14362)
--

SL7
  x86_64
    xorg-x11-server-Xephyr-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-Xorg-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-common-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-debuginfo-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-Xdmx-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-Xnest-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-Xvfb-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-Xwayland-1.20.4-12.el7_9.x86_64.rpm
    xorg-x11-server-debuginfo-1.20.4-12.el7_9.i686.rpm
    xorg-x11-server-devel-1.20.4-12.el7_9.i686.rpm
    xorg-x11-server-devel-1.20.4-12.el7_9.x86_64.rpm
  noarch
    xorg-x11-server-source-1.20.4-12.el7_9.noarch.rpm

- Scientific Linux Development Team