import tigervnc-1.12.0-9.el8_7.1
This commit is contained in:
parent
7789bc52c6
commit
ac813de0e4
@ -0,0 +1,35 @@
|
||||
From 7150ba655c0cc08fa6ded309b81265bb672f2869 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Date: Wed, 25 Jan 2023 11:41:40 +1000
|
||||
Subject: [PATCH xserver] Xi: fix potential use-after-free in
|
||||
DeepCopyPointerClasses
|
||||
|
||||
CVE-2023-0494, ZDI-CAN 19596
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
---
|
||||
Xi/exevents.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Xi/exevents.c b/Xi/exevents.c
|
||||
index 217baa9561..dcd4efb3bc 100644
|
||||
--- a/Xi/exevents.c
|
||||
+++ b/Xi/exevents.c
|
||||
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
|
||||
memcpy(to->button->xkb_acts, from->button->xkb_acts,
|
||||
sizeof(XkbAction));
|
||||
}
|
||||
- else
|
||||
+ else {
|
||||
free(to->button->xkb_acts);
|
||||
+ to->button->xkb_acts = NULL;
|
||||
+ }
|
||||
|
||||
memcpy(to->button->labels, from->button->labels,
|
||||
from->button->numButtons * sizeof(Atom));
|
||||
--
|
||||
2.39.0
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
Name: tigervnc
|
||||
Version: 1.12.0
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}.1
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
%global _hardened_build 1
|
||||
@ -38,8 +38,8 @@ Patch100: tigervnc-xserver120.patch
|
||||
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
|
||||
Patch101: 0001-rpath-hack.patch
|
||||
|
||||
# Upstreamable patches
|
||||
# https://github.com/TigerVNC/tigervnc/pull/1513
|
||||
# CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||
Patch110: xorg-x11-server-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint
|
||||
@ -162,6 +162,7 @@ for all in `find . -type f -perm -001`; do
|
||||
done
|
||||
%patch100 -p1 -b .xserver120-rebased
|
||||
%patch101 -p1 -b .rpath
|
||||
%patch110 -p1 -b .Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
|
||||
popd
|
||||
|
||||
%patch1 -p1 -b .use-gnome-as-default-session
|
||||
@ -327,6 +328,10 @@ fi
|
||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
|
||||
%changelog
|
||||
* Mon Feb 06 2023 Jan Grulich <jgrulich@redhat.com> - 1.12.0-9
|
||||
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
|
||||
Resolves: bz#2167057
|
||||
|
||||
* Tue Dec 06 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-8
|
||||
- x0vncserver: add new keysym in case we don't find matching keycode
|
||||
Resolves: bz#2150915
|
||||
|
Loading…
Reference in New Issue
Block a user