mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
95fd8ef935
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
Fix more timing side-channel inside RSA-PSK key exchange.
Fix assertion failure when verifying a certificate chain with a cycle of
cross signatures.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0553
https://www.cve.org/CVERecord?id=CVE-2024-0567
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux context corruption.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
https://www.cve.org/CVERecord?id=CVE-2024-0409
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes security issues:
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
Reattaching to different master device may lead to out-of-bounds memory access.
Heap buffer overflow in XISendDeviceHierarchyEvent.
Heap buffer overflow in DisableDevice.
SELinux unlabeled GLX PBuffer.
For more information, see:
https://lists.x.org/archives/xorg/2024-January/061525.html
https://www.cve.org/CVERecord?id=CVE-2023-6816
https://www.cve.org/CVERecord?id=CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-21885
https://www.cve.org/CVERecord?id=CVE-2024-21886
https://www.cve.org/CVERecord?id=CVE-2024-0408
(* Security fix *)
37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
From df3c65706eb169d5938df0052059f3e0d5981b74 Mon Sep 17 00:00:00 2001
|
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Date: Thu, 21 Dec 2023 13:48:10 +1000
|
|
Subject: [PATCH] Xi: when creating a new ButtonClass, set the number of
|
|
buttons
|
|
|
|
There's a racy sequence where a master device may copy the button class
|
|
from the slave, without ever initializing numButtons. This leads to a
|
|
device with zero buttons but a button class which is invalid.
|
|
|
|
Let's copy the numButtons value from the source - by definition if we
|
|
don't have a button class yet we do not have any other slave devices
|
|
with more than this number of buttons anyway.
|
|
|
|
CVE-2024-0229, ZDI-CAN-22678
|
|
|
|
This vulnerability was discovered by:
|
|
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
|
---
|
|
Xi/exevents.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/Xi/exevents.c b/Xi/exevents.c
|
|
index 54ea11a938..e161714682 100644
|
|
--- a/Xi/exevents.c
|
|
+++ b/Xi/exevents.c
|
|
@@ -605,6 +605,7 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
|
|
to->button = calloc(1, sizeof(ButtonClassRec));
|
|
if (!to->button)
|
|
FatalError("[Xi] no memory for class shift.\n");
|
|
+ to->button->numButtons = from->button->numButtons;
|
|
}
|
|
else
|
|
classes->button = NULL;
|
|
--
|
|
GitLab
|
|
|