ALAS2-2021-1661

Amazon Linux 2 Security Advisory: ALAS-2021-1661
Advisory Release Date: 2021-06-16 20:37 Pacific
Advisory Updated Date: 2021-06-22 22:24 Pacific

Severity: Medium

References: CVE-2020-14344
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability. (CVE-2020-14344)

Affected Packages:

libX11

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libX11 to update your system.

New Packages:

aarch64:
    libX11-1.6.7-3.amzn2.0.1.aarch64
    libX11-devel-1.6.7-3.amzn2.0.1.aarch64
    libX11-debuginfo-1.6.7-3.amzn2.0.1.aarch64

i686:
    libX11-1.6.7-3.amzn2.0.1.i686
    libX11-devel-1.6.7-3.amzn2.0.1.i686
    libX11-debuginfo-1.6.7-3.amzn2.0.1.i686

noarch:
    libX11-common-1.6.7-3.amzn2.0.1.noarch

src:
    libX11-1.6.7-3.amzn2.0.1.src

x86_64:
    libX11-1.6.7-3.amzn2.0.1.x86_64
    libX11-devel-1.6.7-3.amzn2.0.1.x86_64
    libX11-debuginfo-1.6.7-3.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2020-14344

Mitre: CVE-2020-14344

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2021-1661

Additional References