diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2024-01-21 20:50:08 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2024-01-22 13:30:35 +0100 |
commit | 4e883273037a35e5e60bbbb34c2e8720dba2711f (patch) | |
tree | 11c2a4dfd229868bad285ff3ff4bab76f525ffec /extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch | |
parent | 0a8de80c8a0d329636b02c3c2b80d949a9070224 (diff) | |
download | current-6af6f57b2a378c37017edbe16fea8f415b006612.tar.gz current-6af6f57b2a378c37017edbe16fea8f415b006612.tar.xz |
Sun Jan 21 20:50:08 UTC 202420240121205008_15.0
extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
Recompiled against xorg-server-1.20.14, including the latest patches for
several security issues. Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-21886
(* Security fix *)
Diffstat (limited to 'extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch')
-rw-r--r-- | extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch new file mode 100644 index 000000000..1624ec161 --- /dev/null +++ b/extra/source/tigervnc/patches/xorg-server/CVE-2024-0229.03.patch @@ -0,0 +1,37 @@ +From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 21 Dec 2023 13:48:10 +1000 +Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of + buttons + +There's a racy sequence where a master device may copy the button class +from the slave, without ever initializing numButtons. This leads to a +device with zero buttons but a button class which is invalid. + +Let's copy the numButtons value from the source - by definition if we +don't have a button class yet we do not have any other slave devices +with more than this number of buttons anyway. + +CVE-2024-0229, ZDI-CAN-22678 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative +--- + Xi/exevents.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Xi/exevents.c b/Xi/exevents.c +index 54ea11a938..e161714682 100644 +--- a/Xi/exevents.c ++++ b/Xi/exevents.c +@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) + to->button = calloc(1, sizeof(ButtonClassRec)); + if (!to->button) + FatalError("[Xi] no memory for class shift.\n"); ++ to->button->numButtons = from->button->numButtons; + } + else + classes->button = NULL; +-- +GitLab + |