Fix use after free related to CVE-2024-21886
Resolves: RHEL-20388 Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20530
This commit is contained in:
parent
17a271c1e7
commit
620a2751af
@ -5,7 +5,7 @@
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.13.1
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -38,7 +38,10 @@ Patch100: tigervnc-xserver120.patch
|
||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||
Patch101: 0001-rpath-hack.patch
|
||||
|
||||
# Upstreamable patches
|
||||
# XServer patches
|
||||
# CVE-2024-0229
|
||||
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
|
||||
Patch200: xorg-CVE-2024-0229-followup.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
@ -186,6 +189,7 @@ for all in `find . -type f -perm -001`; do
|
||||
done
|
||||
%patch100 -p1 -b .xserver120-rebased
|
||||
%patch101 -p1 -b .rpath
|
||||
%patch200 -p1 -b .xorg-CVE-2024-0229-followup
|
||||
popd
|
||||
|
||||
%patch1 -p1 -b .use-gnome-as-default-session
|
||||
@ -352,6 +356,10 @@ fi
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
|
||||
- Fix copy/paste error in the DeviceStateNotify
|
||||
Resolves: RHEL-20530
|
||||
|
||||
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
|
||||
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
|
||||
Resolves: RHEL-20388
|
||||
|
32
xorg-CVE-2024-0229-followup.patch
Normal file
32
xorg-CVE-2024-0229-followup.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Date: Mon, 22 Jan 2024 14:22:12 +1000
|
||||
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
|
||||
event
|
||||
|
||||
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
|
||||
---
|
||||
dix/enterleave.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/dix/enterleave.c b/dix/enterleave.c
|
||||
index 7b7ba1098b..c1e6ac600e 100644
|
||||
--- a/dix/enterleave.c
|
||||
+++ b/dix/enterleave.c
|
||||
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
|
||||
ev->first_valuator = first;
|
||||
switch (ev->num_valuators) {
|
||||
case 6:
|
||||
- ev->valuator2 = v->axisVal[first + 5];
|
||||
+ ev->valuator5 = v->axisVal[first + 5];
|
||||
case 5:
|
||||
- ev->valuator2 = v->axisVal[first + 4];
|
||||
+ ev->valuator4 = v->axisVal[first + 4];
|
||||
case 4:
|
||||
- ev->valuator2 = v->axisVal[first + 3];
|
||||
+ ev->valuator3 = v->axisVal[first + 3];
|
||||
case 3:
|
||||
ev->valuator2 = v->axisVal[first + 2];
|
||||
case 2:
|
||||
--
|
||||
GitLab
|
Loading…
Reference in New Issue
Block a user