Fix use after free related to CVE-2024-21886
Resolves: RHEL-20388 Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20530
This commit is contained in:
parent
17a271c1e7
commit
620a2751af
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: tigervnc
|
Name: tigervnc
|
||||||
Version: 1.13.1
|
Version: 1.13.1
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: A TigerVNC remote display system
|
Summary: A TigerVNC remote display system
|
||||||
|
|
||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
@ -38,7 +38,10 @@ Patch100: tigervnc-xserver120.patch
|
|||||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||||
Patch101: 0001-rpath-hack.patch
|
Patch101: 0001-rpath-hack.patch
|
||||||
|
|
||||||
# Upstreamable patches
|
# XServer patches
|
||||||
|
# CVE-2024-0229
|
||||||
|
# https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1251
|
||||||
|
Patch200: xorg-CVE-2024-0229-followup.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
@ -186,6 +189,7 @@ for all in `find . -type f -perm -001`; do
|
|||||||
done
|
done
|
||||||
%patch100 -p1 -b .xserver120-rebased
|
%patch100 -p1 -b .xserver120-rebased
|
||||||
%patch101 -p1 -b .rpath
|
%patch101 -p1 -b .rpath
|
||||||
|
%patch200 -p1 -b .xorg-CVE-2024-0229-followup
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%patch1 -p1 -b .use-gnome-as-default-session
|
%patch1 -p1 -b .use-gnome-as-default-session
|
||||||
@ -352,6 +356,10 @@ fi
|
|||||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 07 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-8
|
||||||
|
- Fix copy/paste error in the DeviceStateNotify
|
||||||
|
Resolves: RHEL-20530
|
||||||
|
|
||||||
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
|
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
|
||||||
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
|
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
|
||||||
Resolves: RHEL-20388
|
Resolves: RHEL-20388
|
||||||
|
32
xorg-CVE-2024-0229-followup.patch
Normal file
32
xorg-CVE-2024-0229-followup.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From 133e0d651c5d12bf01999d6289e84e224ba77adc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
Date: Mon, 22 Jan 2024 14:22:12 +1000
|
||||||
|
Subject: [PATCH] dix: fix valuator copy/paste error in the DeviceStateNotify
|
||||||
|
event
|
||||||
|
|
||||||
|
Fixes 219c54b8a3337456ce5270ded6a67bcde53553d5
|
||||||
|
---
|
||||||
|
dix/enterleave.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/dix/enterleave.c b/dix/enterleave.c
|
||||||
|
index 7b7ba1098b..c1e6ac600e 100644
|
||||||
|
--- a/dix/enterleave.c
|
||||||
|
+++ b/dix/enterleave.c
|
||||||
|
@@ -619,11 +619,11 @@ FixDeviceValuator(DeviceIntPtr dev, deviceValuator * ev, ValuatorClassPtr v,
|
||||||
|
ev->first_valuator = first;
|
||||||
|
switch (ev->num_valuators) {
|
||||||
|
case 6:
|
||||||
|
- ev->valuator2 = v->axisVal[first + 5];
|
||||||
|
+ ev->valuator5 = v->axisVal[first + 5];
|
||||||
|
case 5:
|
||||||
|
- ev->valuator2 = v->axisVal[first + 4];
|
||||||
|
+ ev->valuator4 = v->axisVal[first + 4];
|
||||||
|
case 4:
|
||||||
|
- ev->valuator2 = v->axisVal[first + 3];
|
||||||
|
+ ev->valuator3 = v->axisVal[first + 3];
|
||||||
|
case 3:
|
||||||
|
ev->valuator2 = v->axisVal[first + 2];
|
||||||
|
case 2:
|
||||||
|
--
|
||||||
|
GitLab
|
Loading…
Reference in New Issue
Block a user