mirror of
git://slackware.nl/current.git
synced 2025-01-16 15:41:42 +01:00
95fd8ef935
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes two medium severity security issues: Fix more timing side-channel inside RSA-PSK key exchange. Fix assertion failure when verifying a certificate chain with a cycle of cross signatures. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-0553 https://www.cve.org/CVERecord?id=CVE-2024-0567 (* Security fix *) patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. Reattaching to different master device may lead to out-of-bounds memory access. Heap buffer overflow in XISendDeviceHierarchyEvent. Heap buffer overflow in DisableDevice. SELinux context corruption. SELinux unlabeled GLX PBuffer. For more information, see: https://lists.x.org/archives/xorg/2024-January/061525.html https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-0408 https://www.cve.org/CVERecord?id=CVE-2024-0409 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. Reattaching to different master device may lead to out-of-bounds memory access. Heap buffer overflow in XISendDeviceHierarchyEvent. Heap buffer overflow in DisableDevice. SELinux unlabeled GLX PBuffer. For more information, see: https://lists.x.org/archives/xorg/2024-January/061525.html https://www.cve.org/CVERecord?id=CVE-2023-6816 https://www.cve.org/CVERecord?id=CVE-2024-0229 https://www.cve.org/CVERecord?id=CVE-2024-21885 https://www.cve.org/CVERecord?id=CVE-2024-21886 https://www.cve.org/CVERecord?id=CVE-2024-0408 (* Security fix *)
53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
|
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Date: Fri, 5 Jan 2024 09:40:27 +1000
|
|
Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
|
|
too
|
|
|
|
Disabling a master device floats all slave devices but we didn't do this
|
|
to already-disabled slave devices. As a result those devices kept their
|
|
reference to the master device resulting in access to already freed
|
|
memory if the master device was removed before the corresponding slave
|
|
device.
|
|
|
|
And to match this behavior, also forcibly reset that pointer during
|
|
CloseDownDevices().
|
|
|
|
Related to CVE-2024-21886, ZDI-CAN-22840
|
|
---
|
|
dix/devices.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/dix/devices.c b/dix/devices.c
|
|
index 389d28a23c..84a6406d13 100644
|
|
--- a/dix/devices.c
|
|
+++ b/dix/devices.c
|
|
@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
|
|
flags[other->id] |= XISlaveDetached;
|
|
}
|
|
}
|
|
+
|
|
+ for (other = inputInfo.off_devices; other; other = other->next) {
|
|
+ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
|
|
+ AttachDevice(NULL, other, NULL);
|
|
+ flags[other->id] |= XISlaveDetached;
|
|
+ }
|
|
+ }
|
|
}
|
|
else {
|
|
for (other = inputInfo.devices; other; other = other->next) {
|
|
@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
|
|
dev->master = NULL;
|
|
}
|
|
|
|
+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
|
|
+ if (!IsMaster(dev) && !IsFloating(dev))
|
|
+ dev->master = NULL;
|
|
+ }
|
|
+
|
|
CloseDeviceList(&inputInfo.devices);
|
|
CloseDeviceList(&inputInfo.off_devices);
|
|
|
|
--
|
|
GitLab
|
|
|