Diffstat (limited to 'Development')
-rw-r--r--  Development/Documentation/SubmittingPatches.mdwn   2
-rw-r--r--  Development/Security.mdwn                          67
2 files changed, 60 insertions, 9 deletions
diff --git a/Development/Documentation/SubmittingPatches.mdwn b/Development/Documentation/SubmittingPatches.mdwn
index b09babd2..edb60fa6 100644
--- a/Development/Documentation/SubmittingPatches.mdwn
+++ b/Development/Documentation/SubmittingPatches.mdwn
@@ -11,7 +11,7 @@ Take a look at this [[example commit|http://cgit.freedesktop.org/xorg/xserver/co
The patch submitter does the following:
* Commit code changes to the local repository using the [[git-commit|http://www.kernel.org/pub/software/scm/git/docs/git-commit.html]] command
-* Create a [[merge request|https://gitlab.freedesktop.org/help/gitlab-basics/add-merge-request.md]] in the freedesktop.org gitlab
+* Create a [[merge request|https://gitlab.freedesktop.org/help/user/project/merge_requests/getting_started.md]] in the freedesktop.org gitlab
The reviewers do one of the following:
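Review bot: the new help link in the `+` line (`https://gitlab.freedesktop.org/help/user/project/merge_requests/getting_started.md`) is a GitLab help path, and those paths move between GitLab releases; please confirm it resolves on the freedesktop.org instance before merging, since the old `add-merge-request.md` path is dropped with no fallback. The surrounding text is unchanged, so the hunk is otherwise fine.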
diff --git a/Development/Security.mdwn b/Development/Security.mdwn
index df95e347..f245c039 100644
--- a/Development/Security.mdwn
+++ b/Development/Security.mdwn
@@ -2,7 +2,7 @@
This page details security issues that have been found in X.Org, and their remedies.
-Please contact the [[X.Org security team|Development/Security/Organization]] at [[xorg-security@lists.x.org|mailto:xorg-security%40lists.x.org]] to report security issues in the X.Org codebase.
+Please contact the [[X.Org security team|Development/Security/Organization]] at [[xorg-security@lists.x.oftrg|mailto:xorg-security%40lists.x.org]] to report security issues in the X.Org codebase.
While the advisories are listed below by the most recent release they affect, most affect older releases as well, in many cases going back to the introduction of the affected functionality.
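Review bot: the `+` line introduces a typo in the visible link text, `xorg-security@lists.x.oftrg`, where the `-` line had `xorg-security@lists.x.org`. The `mailto:` target is still correct, but anyone copying the displayed address will get a non-existent domain, and nothing else on the line changes, so either drop this hunk or restore the display text to `xorg-security@lists.x.org`.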
@@ -10,6 +10,59 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th
## X.Org 7.7
+* April 3, 2024 Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5
+ * CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
+ * CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
+ * CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap
+ * CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
+ * Fixed in [[xwayland 23.2.5|https://lists.x.org/archives/xorg-announce/2024-April/003498.html]]
+ * Fixed in [[xorg-server 21.1.12|https://lists.x.org/archives/xorg-announce/2024-April/003499.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003497.html]] for more information
+ * Note that the fix for CVE-2024-31083 introduced a regression, which was fixed in [[xwayland 23.2.6|https://lists.x.org/archives/xorg-announce/2024-April/003503.html]] and [[xorg-server 21.1.13|https://lists.x.org/archives/xorg-announce/2024-April/003504.html]], see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-April/003505.html]] for more information
+
+* January 16, 2024 Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4
+ * CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
+ * CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access
+ * CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent
+ * CVE-2024-21886: Heap buffer overflow in DisableDevice
+ * CVE-2024-0409: SELinux context corruption
+ * CVE-2024-0408: SELinux unlabeled GLX PBuffer
+ * Fixed in [[xwayland 23.2.4|https://lists.x.org/archives/xorg-announce/2024-January/003443.html]]
+ * Fixed in [[xorg-server 21.1.11|https://lists.x.org/archives/xorg-announce/2024-January/003442.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2024-January/003444.html]] for more information
+
+* October 2, 2023 Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17
+ * CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms()
+ * CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
+ * CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
+ * CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
+ * CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap
+ * Fixed in [[libX11 1.8.7|https://lists.x.org/archives/xorg-announce/2023-October/003426.html]] and [[libXpm 3.5.17|https://lists.x.org/archives/xorg-announce/2023-October/003425.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2023-June/003406.html]] for more information
+
+* June 15, 2023 Buffer overflows in InitExt.c in libX11 prior to 1.8.6
+ * CVE-2023-3138 Sub-object overflows in libX11
+ * Fixed in [[libX11 1.8.6|https://lists.x.org/archives/xorg-announce/2023-June/003407.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2023-June/003406.html]] for more information
+
+* January 17, 2023 Issues handling XPM files in libXpm prior to 3.5.15
+ * CVE-2022-46285 Infinite loop on unclosed comments
+ * CVE-2022-44617 Runaway loop on width of 0 and enormous height
+ * CVE-2022-4883 compression commands depend on $PATH
+ * Fixed in [[libXpm 3.5.15|https://lists.x.org/archives/xorg-announce/2023-January/003313.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2023-January/003312.html]] for more information
+
+* December 14, 2022 Multiple security issues in X server extensions
+ * CVE-2022-46340 / ZDI-CAN-19265 XTestSwapFakeInput stack overflow
+ * CVE-2022-46341 / ZDI-CAN-19381 XIPassiveUngrab out-of-bounds access
+ * CVE-2022-46342 / ZDI-CAN-19400 XvdiSelectVideoNotify use-after-free
+ * CVE-2022-46343 / ZDI-CAN-19404 ScreenSaverSetAttributes use-after-free
+ * CVE-2022-46344 / ZDI-CAN-19405 XIChangeProperty out-of-bounds access
+ * CVE-2022-4283 / ZDI-CAN-19530 XkbGetKbdByName use-after-free
+ * Fixed in [[xwayland 22.1.6|https://lists.x.org/archives/xorg-announce/2022-December/003304.html]]
+ * Fixed in [[xorg-server 21.1.5|https://lists.x.org/archives/xorg-announce/2022-December/003303.html]]
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2022-December/003302.html]] for more information
+
* December 14, 2021 Multiple input validation failures in X server extensions
* CVE-2021-4008 / ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access
* CVE-2021-4009 / ZDI-CAN-14950 SProcXFixesCreatePointerBarrier out-of-bounds access
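Review bot: two content errors in the added entries. The April 3, 2024 item lists `CVE-2024-31083: User-after-free in ProcRenderAddGlyphs`; that should read `Use-after-free`. The October 2, 2023 libX11/libXpm item points "the advisory" at `2023-June/003406.html`, the same URL the June 15, 2023 entry uses for its own advisory, so the October entry is almost certainly linking the wrong announcement and should point at the October 2023 advisory. Minor: the 2024 entries put a colon after the CVE id while the 2022/2023 entries do not; pick one form for the whole block.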
@@ -129,7 +182,7 @@ Please see [[the advisory|Development/Security/Advisory-2013-05-23]] for more in
## X.Org 7.3
-* Jun 11, 2008 - CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2008-June/000578.html]] for more information. Patches are available: [[CVE-2008-1377|ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff]] [[CVE-2008-1379|ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff]] [[CVE-2008-2360|ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff]] [[CVE-2008-2361|ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff]] [[CVE-2008-2362|ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff]]
+* Jun 11, 2008 - CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2008-June/000578.html]] for more information. Patches are available: [[CVE-2008-1377|https://www.x.org/releases/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff]] [[CVE-2008-1379|https://www.x.org/releases/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff]] [[CVE-2008-2360|https://www.x.org/releases/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff]] [[CVE-2008-2361|https://www.x.org/releases/X11R7.3/patches/patches/xorg-xserver-1.4-cve-2008-2361.diff]] [[CVE-2008-2362|https://www.x.org/releases/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff]]
* Jan 17, 2008 - CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2008-January/000441.html]] for more information. Patches are available for [[X11R7.2|Releases/7.2]]: [[libXfont 1.2.7|http://xorg.freedesktop.org/archive/X11R7.2/patches/xorg-libXfont-1.2.7-pcf-parser.diff]] and [[xserver 1.2|http://xorg.freedesktop.org/archive/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows.diff]] as well as for [[X11R7.3|Releases/7.3]]: [[libXfont 1.3.1|http://xorg.freedesktop.org/archive/X11R7.3/patches/xorg-libXfont-1.3.1-pcf-parser.diff]] and [[xserver 1.4|http://xorg.freedesktop.org/archive/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows.diff]].
* **Update** Jan 21, 2008 - The patch for the MIT-SHM vulnerability (CVE-2007-6429) introduced a regression for applications that allocate pixmaps with a less than 8 bits depth. New patches are available for [[xserver 1.2|http://xorg.freedesktop.org/archive/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff]] and [[xserver 1.4|http://xorg.freedesktop.org/archive/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff]].
* MD5: `8e3f74c2cabddd3d629018924140e413` [[xorg-xserver-1.2-multiple-overflows-v2.diff|http://xorg.freedesktop.org/archive/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff]]
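Review bot: the rewritten `CVE-2008-2361` patch URL in the `+` line contains a doubled path segment, `X11R7.3/patches/patches/xorg-xserver-1.4-cve-2008-2361.diff`, while the other four patch links use a single `patches/`. It should be `X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff` to match. The move from `ftp://ftp.freedesktop.org/pub/xorg/` to `https://www.x.org/releases/` for the other four looks correct.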
@@ -151,15 +204,15 @@ Please see [[the advisory|Development/Security/Advisory-2013-05-23]] for more in
* June 20, 2006 - A lack of checks for setuid() failures when invoked by a privileged process (e.g., X server, xdm, xterm, if installed setuid or setgid) may cause the process to execute certain privileged operations (file access) as root while it was intended to be executed with a less privileged effective user ID, on systems where setuid() called by root can fail. This can be used by a malicious local user to overwrite files and possibly elevate privileges in some corner cases. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html]] for more information. Patches are available for [[6.8.2|Releases/6.8.2]], [[6.9.0|Releases/6.9]], [[7.0|Releases/7.0]] and [[7.1|Releases/7.1]].
* May 2, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.8.x, X11R6.9.0 and X11R7.0 (xorg-server 1.0.x) -- this is [[CVE-2006-1526|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526]]. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg/2006-May/015136.html]] for more information. Patches are available for [[6.8.2|Releases/6.8.2]], [[6.9.0|Releases/6.9]] and [[7.0|Releases/7.0]].
-* March 20, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and 1.0.1) -- this is [[CVE-2006-0745|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745]]. Local users were able to escalate privileges to root and cause a DoS if the Xorg server was installed setuid root (the default). Note that earlier releases are not vulnerable. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg/2006-March/013858.html]] for more information. Patches are available for [[6.9.0|Releases/6.9]] and [[7.0|Releases/7.0]]. If you are running X11R7.0, you can upgrade xorg-server to 1.0.2 or later ([[release announcement|http://lists.freedesktop.org/archives/xorg/2006-March/013993.html]]).
+* March 20, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and 1.0.1) -- this is [[CVE-2006-0745|https://www.cve.org/CVERecord?id=CVE-2006-0745]]. Local users were able to escalate privileges to root and cause a DoS if the Xorg server was installed setuid root (the default). Note that earlier releases are not vulnerable. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg/2006-March/013858.html]] for more information. Patches are available for [[6.9.0|Releases/6.9]] and [[7.0|Releases/7.0]]. If you are running X11R7.0, you can upgrade xorg-server to 1.0.2 or later ([[release announcement|http://lists.freedesktop.org/archives/xorg/2006-March/013993.html]]).
## X.Org 6.8.2
-* September 12, 2005 - Due to missing range checks for the pixel size of the pixmap subsequent pixmap read/write functions can access memory outside of the allocated pixmap by any X client that can connect to the affected X server. This way any user having access to the server can access memory that is accessible from within the X server and/or crash the server. The CVE number for these vulnerabilities is [[CAN-2005-2495|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495]]. A patch against [[6.8.2|Releases/6.8.2]] is available.
+* September 12, 2005 - Due to missing range checks for the pixel size of the pixmap subsequent pixmap read/write functions can access memory outside of the allocated pixmap by any X client that can connect to the affected X server. This way any user having access to the server can access memory that is accessible from within the X server and/or crash the server. The CVE number for these vulnerabilities is [[CVE-2005-2495|https://www.cve.org/CVERecord?id=CVE-2005-2495]]. A patch against [[6.8.2|Releases/6.8.2]] is available.
## X.Org 6.8.1
-* November 17, 2004 - X.Org was made aware of additional security vulnerability in libXpm, the X Pixmap library, which is shipped as part of the X Window System. The affected library is used in many popular application for image viewing and manipulation. The Common Vulnerabilities and Exposures (CVE) project has assigned the name [[CAN-2004-0914|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914]] to these issues. Patches are provided for [[6.8.0|Releases/6.8]] and [[6.8.1|Releases/6.8.1]]. The problem is fixed in 6.8.2 and later.
+* November 17, 2004 - X.Org was made aware of additional security vulnerability in libXpm, the X Pixmap library, which is shipped as part of the X Window System. The affected library is used in many popular application for image viewing and manipulation. The Common Vulnerabilities and Exposures (CVE) project has assigned the name [[CVE-2004-0914|https://www.cve.org/CVERecord?id=CVE-2004-0914]] to these issues. Patches are provided for [[6.8.0|Releases/6.8]] and [[6.8.1|Releases/6.8.1]]. The problem is fixed in 6.8.2 and later.
## X.Org 6.8.0
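Review bot: the three `-`/`+` pairs consistently move CVE links from `cve.mitre.org` to `https://www.cve.org/CVERecord?id=...` and rename the old `CAN-` identifiers to `CVE-`, which is the right modern form. The unchanged May 2, 2006 context line still links `CVE-2006-1526` through `http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526`; it would be consistent to update that one in the same pass.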
@@ -169,6 +222,4 @@ Please see [[the advisory|Development/Security/Advisory-2013-05-23]] for more in
_This is not a complete listing of older security issues, just those discovered more recently_
-* July 24, 2012 - CVE-2012-1699: A vulnerability has been found in the X11R6 font server code in the handling of the `SetEventMask` request in xfs which can lead to either denial of service or a leak of information from the xfs process address space. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html]] for more information. Patch is included in the advisory. Fix is included in XFree86 3.3.3 and later, and X.Org X11R6.7 and later.
-
-_For older vulnerabilities, check the [Open Source Vulnerability Database (OSVDB)](http://osvdb.org/) pages for [X.Org](http://osvdb.org/vendor/22112-x-org-foundation/1 "OSVDB: Vulnerabilities for X.Org Foundation software") and [XFree86](http://osvdb.org/vendor/1714-xfree86-project-inc/1 "OSVDB: Vulnerabilities for XFree86 Project, Inc. software")._
+* July 24, 2012 - CVE-2012-1699: A vulnerability has been found in the X11R6 font server code in the handling of the `SetEventMask` request in xfs which can lead to either denial of service or a leak of information from the xfs process address space. Please see [[the advisory|http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html]] for more information. Patch is included in the advisory. Fix is included in XFree86 3.3.3 and later, and X.Org X11R6.7 and later.
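Review bot: the `-` and `+` lines for the July 24, 2012 entry are textually identical, so that part of the hunk is a whitespace-only change (trailing whitespace or line ending); the substantive change is dropping the OSVDB paragraph that pointed readers at older X.Org and XFree86 vulnerabilities, leaving no pointer in its place. If the reason is that OSVDB is no longer available, state that in the commit message, and consider whether the page should still tell readers where to look for pre-2004 issues.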