List: freedesktop-xorg
Subject: X.Org server security advisory: April 13, 2021
From: Matthieu Herrb <matthieu () herrb ! eu>
Date: 2021-04-13 14:02:29
Message-ID: YHWkdYz+OApPLBzQ () zuma ! herrb ! net

X.Org server security advisory: April 13, 2021

Input validation failures in X server XInput extension
======================================================

Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server.

These issues can lead to privilege escalation for authorized clients
on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

    Fix XChangeFeedbackControl() request underflow

    CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

--
Matthieu Herrb
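
Added example, not part of the advisory and not X server code: the bug class named above (an integer underflow in a request length check, leading to out-of-bounds reads) shown next to a hardened check. The wire format, constants and function names are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (not the XInput protocol): every length counts
 * 4-byte units. Header = 2 units, with the request length at byte offset 2.
 * Control block = 1 fixed unit (item count at byte offset 8) + one unit per item. */
#define HDR_UNITS 2u
#define CTL_UNITS 1u
enum { REQ_OK = 0, REQ_BAD_LENGTH = 1 };

/* Constructed sample input: fills in the two length fields, returns bytes used. */
static size_t build_request(uint8_t *buf, uint16_t req_units, uint16_t num_items)
{
    memcpy(buf + 2, &req_units, sizeof req_units);
    memcpy(buf + HDR_UNITS * 4, &num_items, sizeof num_items);
    return (size_t)req_units * 4;
}

/* Unchecked form: unsigned subtraction wraps when the request is shorter
 * than its own header, so "units left" becomes a huge value. */
static uint32_t extra_units_unchecked(uint16_t req_units)
{
    return (uint32_t)req_units - HDR_UNITS;
}

/* Hardened form: compare against the minimum size before subtracting and
 * before reading any field of the control block. */
static int validate_request(const uint8_t *buf, size_t buf_len, uint16_t *num_items)
{
    uint16_t req_units, n;
    if (buf_len < HDR_UNITS * 4)
        return REQ_BAD_LENGTH;
    memcpy(&req_units, buf + 2, sizeof req_units);
    if ((size_t)req_units * 4 != buf_len || req_units < HDR_UNITS + CTL_UNITS)
        return REQ_BAD_LENGTH;
    memcpy(&n, buf + HDR_UNITS * 4, sizeof n);      /* now known to be in bounds */
    if ((uint32_t)req_units - (HDR_UNITS + CTL_UNITS) != n)
        return REQ_BAD_LENGTH;
    *num_items = n;
    return REQ_OK;
}

int main(void)
{
    uint8_t buf[64] = {0};
    uint16_t n = 0;
    size_t len = build_request(buf, 2, 0);          /* header only, no control block */
    printf("unchecked extra units: %u\n", (unsigned)extra_units_unchecked(1));
    printf("hardened verdict: %d\n", validate_request(buf, len, &n));
    return 0;
}
```

The ordering is the point: the minimum-size comparison runs before any subtraction and before any field of the variable-length part is read.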