QID 352294

Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-14362: 1869144:
CVE-2020-14362 xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-14361: 1869142:
CVE-2020-14361 xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-14346: A flaw was found in xorg-x11-server. A integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 1862246:
CVE-2020-14346 xorg-x11-server: Integer underflow in the X input extension protocol
CVE-2020-14345: 1862241:
CVE-2020-14345 xorg-x11-server: Out-of-bounds access in XkbSetNames function A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.