From bce000f2ab99d5deb19b19957834b0adc6e33710 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 6 Feb 2023 13:16:49 +0100 Subject: [PATCH] xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation - missing spec file changes Resolves: bz#2167061 --- tigervnc.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tigervnc.spec b/tigervnc.spec index eaab418..2a1607e 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -5,7 +5,7 @@ Name: tigervnc Version: 1.12.0 -Release: 9%{?dist} +Release: 10%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -39,6 +39,9 @@ Patch100: tigervnc-xserver120.patch # 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start Patch101: 0001-rpath-hack.patch +# CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation +Patch110: xorg-x11-server-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch + BuildRequires: make BuildRequires: gcc-c++ BuildRequires: libX11-devel, automake, autoconf, libtool, gettext, gettext-autopoint @@ -162,6 +165,7 @@ for all in `find . -type f -perm -001`; do done %patch100 -p1 -b .xserver120-rebased %patch101 -p1 -b .rpath +%patch110 -p1 -b .Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch popd %patch1 -p1 -b .use-gnome-as-default-session @@ -351,6 +355,10 @@ fi %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Mon Feb 06 2023 Jan Grulich - 1.12.0-10 +- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation + Resolves: bz#2167061 + * Tue Dec 20 2022 Tomas Popela - 1.12.0-9 - Rebuild for xorg-x11-server CVE-2022-46340 follow up fix