In X.Org Server and libX11 revealed :
- - Lack of memory initialization when allocating buffers for pixmaps by calling AllocatePixmap() can cause the X client to leak memory contents from the heap when the X server is running with elevated privileges. This leak can be used to bypass Address Space Randomization (ASLR) technology. In combination with other vulnerabilities, the problem can be used to create an exploit to increase privileges in the system. Fixes are still available as patches.
a corrective release of X.Org Server 1.20.9 is expected in the coming days. - is an integer overflow in the XIM (Input Method) implementation in libX11, which can lead to memory corruption on the heap when handling specially crafted messages from the input method.
Issue fixed in release .
Source: opennet.ru