slackware-current/patches/source/xorg-server-xwayland/CVE-2022-4283.patch

From ccdd431cd8f1cabae9d744f0514b6533c438908c Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 5 Dec 2022 15:55:54 +1000
Subject: [PATCH] xkb: reset the radio_groups pointer to NULL after freeing it

Unlike other elements of the keymap, this pointer was freed but not
reset. On a subsequent XkbGetKbdByName request, the server may access
already freed memory.

CVE-2022-4283, ZDI-CAN-19530

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
---
 xkb/xkbUtils.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
index dd089c204..3f5791a18 100644
--- a/xkb/xkbUtils.c
+++ b/xkb/xkbUtils.c
@@ -1326,6 +1326,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst)
         }
         else {
             free(dst->names->radio_groups);
+            dst->names->radio_groups = NULL;
         }
         dst->names->num_rg = src->names->num_rg;
 
-- 
GitLab
Wed Dec 14 21:19:34 UTC 2022 patches/packages/mozilla-firefox-102.6.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/ https://www.cve.org/CVERecord?id=CVE-2022-46880 https://www.cve.org/CVERecord?id=CVE-2022-46872 https://www.cve.org/CVERecord?id=CVE-2022-46881 https://www.cve.org/CVERecord?id=CVE-2022-46874 https://www.cve.org/CVERecord?id=CVE-2022-46875 https://www.cve.org/CVERecord?id=CVE-2022-46882 https://www.cve.org/CVERecord?id=CVE-2022-46878 (* Security fix ) patches/packages/mozilla-thunderbird-102.6.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ https://www.cve.org/CVERecord?id=CVE-2022-46880 https://www.cve.org/CVERecord?id=CVE-2022-46872 https://www.cve.org/CVERecord?id=CVE-2022-46881 https://www.cve.org/CVERecord?id=CVE-2022-46874 https://www.cve.org/CVERecord?id=CVE-2022-46875 https://www.cve.org/CVERecord?id=CVE-2022-46882 https://www.cve.org/CVERecord?id=CVE-2022-46878 ( Security fix ) patches/packages/xorg-server-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-4_slack15.0.txz: Rebuilt. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 ( Security fix *) 2022-12-14 22:19:34 +01:00			`From ccdd431cd8f1cabae9d744f0514b6533c438908c Mon Sep 17 00:00:00 2001`
			`From: Peter Hutterer <peter.hutterer@who-t.net>`
			`Date: Mon, 5 Dec 2022 15:55:54 +1000`
			`Subject: [PATCH] xkb: reset the radio_groups pointer to NULL after freeing it`

			`Unlike other elements of the keymap, this pointer was freed but not`
			`reset. On a subsequent XkbGetKbdByName request, the server may access`
			`already freed memory.`

			`CVE-2022-4283, ZDI-CAN-19530`

			`This vulnerability was discovered by:`
			`Jan-Niklas Sohn working with Trend Micro Zero Day Initiative`

			`Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>`
			`Acked-by: Olivier Fourdan <ofourdan@redhat.com>`
			`---`
			`xkb/xkbUtils.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c`
			`index dd089c204..3f5791a18 100644`
			`--- a/xkb/xkbUtils.c`
			`+++ b/xkb/xkbUtils.c`
			`@@ -1326,6 +1326,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst)`
			`}`
			`else {`
			`free(dst->names->radio_groups);`
			`+ dst->names->radio_groups = NULL;`
			`}`
			`dst->names->num_rg = src->names->num_rg;`

			`--`
			`GitLab`