Additional fix to CVE-2025-49176: xorg-x11-server: Integer Overflow in Big Requests Extension
Resolves: RHEL-97294
parent
eb8a57c918
commit
8996d74184
@ -5,7 +5,7 @@
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.15.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -56,10 +56,11 @@ Patch210: xorg-CVE-2025-26601-2.patch
|
||||
Patch211: xorg-CVE-2025-26601-3.patch
|
||||
Patch212: xorg-CVE-2025-26601-4.patch
|
||||
Patch213: xorg-CVE-2025-49175.patch
|
||||
Patch214: xorg-CVE-2025-49176.patch
|
||||
Patch215: xorg-CVE-2025-49178.patch
|
||||
Patch216: xorg-CVE-2025-49179.patch
|
||||
Patch217: xorg-CVE-2025-49180.patch
|
||||
Patch214: xorg-CVE-2025-49176-1.patch
|
||||
Patch215: xorg-CVE-2025-49176-2.patch
|
||||
Patch216: xorg-CVE-2025-49178.patch
|
||||
Patch217: xorg-CVE-2025-49179.patch
|
||||
Patch218: xorg-CVE-2025-49180.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
@ -236,10 +237,11 @@ cat ../xserver120.patch | patch -p1
|
||||
%patch -P211 -p1 -b .xorg-CVE-2025-26601-3
|
||||
%patch -P212 -p1 -b .xorg-CVE-2025-26601-4
|
||||
%patch -P213 -p1 -b .xorg-CVE-2025-49175
|
||||
%patch -P214 -p1 -b .xorg-CVE-2025-49176
|
||||
%patch -P215 -p1 -b .xorg-CVE-2025-49178
|
||||
%patch -P216 -p1 -b .xorg-CVE-2025-49179
|
||||
%patch -P217 -p1 -b .xorg-CVE-2025-49180
|
||||
%patch -P214 -p1 -b .xorg-CVE-2025-49176-1
|
||||
%patch -P215 -p1 -b .xorg-CVE-2025-49176-2
|
||||
%patch -P216 -p1 -b .xorg-CVE-2025-49178
|
||||
%patch -P217 -p1 -b .xorg-CVE-2025-49179
|
||||
%patch -P218 -p1 -b .xorg-CVE-2025-49180
|
||||
popd
|
||||
|
||||
%patch -P1 -p1 -b .use-gnome-as-default-session
|
||||
@ -407,6 +409,10 @@ fi
|
||||
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
* Wed Jun 18 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-7
|
||||
- Additional fix to CVE-2025-49176: xorg-x11-server: Integer Overflow in Big Requests Extension
|
||||
Resolves: RHEL-97294
|
||||
|
||||
* Tue Jun 17 2025 Jan Grulich <jgrulich@redhat.com> - 1.15.0-6
|
||||
- Fix CVE-2025-49175: xorg-x11-server: Out-of-Bounds Read in X Rendering Extension Animated Cursors
|
||||
Resolves: RHEL-97268
|
||||
|
||||
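--- /dev/null
+++ b/xorg-CVE-2025-49176-2.patch
@@ -0,0 +1,32 @@
+From 6794bf46b1c76c0a424940c97be3576dc2e7e9b1 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 18 Jun 2025 08:39:02 +0200
+Subject: [PATCH] os: Check for integer overflow on BigRequest length
+
+Check for another possible integer overflow once we get a complete xReq
+with BigRequest.
+
+Related to CVE-2025-49176
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Suggested-by: Peter Harris <pharris2@rocketsoftware.com>
+---
+os/io.c | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/os/io.c b/os/io.c
+index e7b76b9cea..167b40a720 100644
+--- a/os/io.c
++++ b/os/io.c
+@@ -394,6 +394,8 @@ ReadRequestFromClient(ClientPtr client)
+needed = get_big_req_len(request, client);
+}
+client->req_len = needed;
++ if (needed > MAXINT >> 2)
++ return -(BadLength);
+needed <<= 2;
+}
+if (gotnow < needed) {
+--
+GitLab
+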
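Review bot: In the os/io.c hunk carried by this patch, `client->req_len = needed;` still runs before the new `needed > MAXINT >> 2` test, so a request rejected with `-(BadLength)` leaves its unvalidated length stored on the client. This is probably harmless if the caller closes the client on a negative return, but that caller is not visible here. Moving the check above the assignment would keep the stored length and the accepted length in step. The guard would also read more clearly with explicit grouping and a stated reason, e.g. `if (needed > (MAXINT >> 2))` preceded by `/* needed counts 4-byte units; reject before the <<= 2 below can overflow */`. ReadRequestFromClient starts and ends outside the hunk, so the declared type of `needed` should be confirmed against this comparison.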