Fix information disclosure bug in pixmap allocation (CVE-2020-14347)
		
							parent
							
								
									9d32eb45b5
								
							
						
					
					
						commit
						e6480d9628
					
				
							
								
								
									
										33
									
								
								0001-fix-for-ZDI-11426.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
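--- /dev/null
+++ b/0001-fix-for-ZDI-11426.patch
@@ -0,0 +1,33 @@
+From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sat, 25 Jul 2020 19:33:50 +0200
+Subject: [PATCH xserver] fix for ZDI-11426
+
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ dix/pixmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbbf..5a0146bbb6 100644
+--- a/dix/pixmap.c
++++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+         return NullPixmap;
+ 
+-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+     if (!pPixmap)
+         return NullPixmap;
+ 
+-- 
+2.23.0
+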
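Review bot: The `calloc(1, ...)` line in the embedded dix/pixmap.c hunk carries no comment saying that the zeroing is a security requirement, so a later cleanup could turn it back into `malloc` for speed. I would add `/* calloc, not malloc: pixmap contents are readable by clients, so the allocation must never expose stale heap data */` directly above it. The change only covers storage obtained through AllocatePixmap; whether other code paths allocate pixmap memory separately is not visible here and is worth confirming. AllocatePixmap's body starts and ends outside the hunk.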
| @ -46,7 +46,7 @@ | |||||||
| Summary:   X.Org X11 X server | Summary:   X.Org X11 X server | ||||||
| Name:      xorg-x11-server | Name:      xorg-x11-server | ||||||
| Version:   1.20.8 | Version:   1.20.8 | ||||||
| Release:   2%{?gitdate:.%{gitdate}}%{?dist} | Release:   3%{?gitdate:.%{gitdate}}%{?dist} | ||||||
| URL:       http://www.x.org | URL:       http://www.x.org | ||||||
| License:   MIT | License:   MIT | ||||||
| 
 | 
 | ||||||
| @ -95,6 +95,7 @@ Patch6: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch | |||||||
| # Backports from current stable "server-1.20-branch": | # Backports from current stable "server-1.20-branch": | ||||||
| 
 | 
 | ||||||
| # Backports from "master" upstream: | # Backports from "master" upstream: | ||||||
|  | Patch100: 0001-fix-for-ZDI-11426.patch | ||||||
| 
 | 
 | ||||||
| # Backported Xwayland randr resolution change emulation support | # Backported Xwayland randr resolution change emulation support | ||||||
| Patch501: 0001-dix-Add-GetCurrentClient-helper.patch | Patch501: 0001-dix-Add-GetCurrentClient-helper.patch | ||||||
| @ -546,6 +547,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-3 | ||||||
|  | - Fix information disclosure bug in pixmap allocation (CVE-2020-14347) | ||||||
|  | 
 | ||||||
| * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.8-2 | * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.8-2 | ||||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild | - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild | ||||||
| 
 | 
 | ||||||
|  | |||||||
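Review bot: `Patch100: 0001-fix-for-ZDI-11426.patch` is only declared in this section; the `%prep` stanza that applies patches is outside the visible hunks, so confirm that it uses `%autosetup`/`%autopatch` or has a matching `%patch100` line. If the patch were declared but not applied, the 1.20.8-3 changelog would claim the CVE-2020-14347 fix while the build still ships the `malloc` path. A comment on the Patch100 line such as `# CVE-2020-14347 / ZDI-11426: zero pixmap memory on allocation` would also tie the ZDI-named file to the CVE for later audits.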