Medium: libX11

Issue Overview:

A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability. (CVE-2020-14344)

Affected Packages:

libX11

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libX11 to update your system.

New Packages:

aarch64:  
    libX11-1.6.7-3.amzn2.0.1.aarch64  
    libX11-devel-1.6.7-3.amzn2.0.1.aarch64  
    libX11-debuginfo-1.6.7-3.amzn2.0.1.aarch64  
  
i686:  
    libX11-1.6.7-3.amzn2.0.1.i686  
    libX11-devel-1.6.7-3.amzn2.0.1.i686  
    libX11-debuginfo-1.6.7-3.amzn2.0.1.i686  
  
noarch:  
    libX11-common-1.6.7-3.amzn2.0.1.noarch  
  
src:  
    libX11-1.6.7-3.amzn2.0.1.src  
  
x86_64:  
    libX11-1.6.7-3.amzn2.0.1.x86_64  
    libX11-devel-1.6.7-3.amzn2.0.1.x86_64  
    libX11-debuginfo-1.6.7-3.amzn2.0.1.x86_64  

Additional References

Red Hat: CVE-2020-14344

Mitre: CVE-2020-14344