
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN474
_____________________________________________________________________

DATE                : 26/08/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running X.Org libX11 versions prior to
                     1.6.12.

=====================================================================
https://lists.x.org/archives/xorg-announce/2020-August/003056.html
_____________________________________________________________________


Double free in libX11 locale handling code
==========================================

CVE-2020-14363

There is an integer overflow and a double free vulnerability in the way
libX11 handles locales. The integer overflow is a necessary precursor to
the double free.

Patches
-------

A patch for this issue has been committed to the libX11 git repository.
libX11 1.6.12 will be released shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/lib/libx11


commit acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d (HEAD -> master)

    Fix an integer overflow in init_om()

    CVE-2020-14363

    This can lead to a double free later, as reported by Jayden Rivers.


Thanks
------

X.Org thanks Jayden Rivers for reporting this issue to our security
team and assisting them in understanding it and providing fixes.


Matthieu Herrb


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



