From 8ff4f2f51a6cf07fc33742ce3bee81328896e49b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- ...alloc-may-allow-unauthed-client-to-crash-.patch | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch (limited to 'patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch') diff --git a/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch b/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch new file mode 100644 index 000000000..483bd74f9 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch @@ -0,0 +1,41 @@ +From 2ecba31ddb5f4b953a0a811fec7fb7470b668f13 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 17 Jan 2014 18:54:03 -0800 +Subject: [PATCH 01/31] unchecked malloc may allow unauthed client to crash + Xserver [CVE-2014-8091] + +authdes_ezdecode() calls malloc() using a length provided by the +connection handshake sent by a newly connected client in order +to authenticate to the server, so should be treated as untrusted. + +It didn't check if malloc() failed before writing to the newly +allocated buffer, so could lead to a server crash if the server +fails to allocate memory (up to UINT16_MAX bytes, since the len +field is a CARD16 in the X protocol). + +Reported-by: Ilja Van Sprundel +Signed-off-by: Alan Coopersmith +Reviewed-by: Peter Hutterer +Signed-off-by: Fedora X Ninjas +--- + os/rpcauth.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/os/rpcauth.c b/os/rpcauth.c +index bd219ac..c5bf787 100644 +--- a/os/rpcauth.c ++++ b/os/rpcauth.c +@@ -66,6 +66,10 @@ authdes_ezdecode(const char *inmsg, int len) + SVCXPRT xprt; + + temp_inmsg = malloc(len); ++ if (temp_inmsg == NULL) { ++ why = AUTH_FAILED; /* generic error, since there is no AUTH_BADALLOC */ ++ return NULL; ++ } + memmove(temp_inmsg, inmsg, len); + + memset((char *) &msg, 0, sizeof(msg)); +-- +1.9.3 + -- cgit v1.2.3