diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 01:50:09 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2023-06-15 01:56:06 +0300 |
commit | c2858f16b31b065f92c42c838cf21d3592bc06e7 (patch) | |
tree | 58ffae2ee30976a58733f0ad4a3e6950b4258987 /poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch | |
parent | 841583d6ba5918b60868b708ff0b89cf0409efa7 (diff) | |
download | openbmc-c2858f16b31b065f92c42c838cf21d3592bc06e7.tar.xz |
subtree updatesdunfell
poky: a631bfc3a3..733d919af4:
Alex Kiernan (2):
pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
openssh: Move sshdgenkeys.service to sshd.socket
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Ashish Sharma (2):
connman: Fix CVE-2023-28488 DoS in client.c
golang: Fix CVE-2023-24539
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.238
linux-yocto/5.4: update to v5.4.240
linux-yocto/5.4: update to v5.4.241
linux-yocto/5.4: update to v5.4.242
linux-yocto/5.4: update to v5.4.243
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Hitendra Prajapati (2):
git: fix CVE-2023-29007
git: fix CVE-2023-25652
Khem Raj (1):
perf: Depend on native setuptools3
Marek Vasut (1):
cpio: Fix wrong CRC with ASCII CRC for large files
Martin Jansa (1):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
Nikhil R (1):
ffmpeg: Fix CVE-2022-48434
Peter Marko (1):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
Randolph Sapp (1):
wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Siddharth (1):
curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled
Steve Sakoman (1):
selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky
Thomas Roos (1):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
Vijay Anusuri (3):
ghostscript: Fix CVE-2023-28879
xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393
go: Security fix CVE-2023-24540
Vivek Kumbhar (1):
freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
Yoann Congal (1):
linux-yocto: Exclude 294 CVEs already fixed upstream
meta-openembedded: 7007d14c25..116bfe8d5e:
Alex Yao (1):
lcov: Fix Perl Path
Hitendra Prajapati (1):
multipath-tools: CVE-2022-41973 Symlink attack multipathd operates insecurely
Hugo SIMELIERE (3):
openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
openvpn: upgrade 2.4.9 -> 2.4.12
libmodbus: Fix CVE-2022-0367
Jack Mitchell (2):
nss: backport fix for native build failure due to implicit casting with gcc13
nss: backport fix for native build failure due to dangling pointer with gcc13
Narpat Mali (1):
nodejs: make 14.18.1 available but not default
Valeria Petrov (1):
apache2: upgrade 2.4.56 -> 2.4.57
Viktor Rosendahl (1):
jsoncpp: Fix broken handling of escape characters
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8260e0168ea1ddec7ee03555e4f5653155e0ab45
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch')
-rw-r--r-- | poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch new file mode 100644 index 0000000000..51d0e0cab6 --- /dev/null +++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch @@ -0,0 +1,46 @@ +From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan <ofourdan@redhat.com> +Date: Mon, 13 Mar 2023 11:08:47 +0100 +Subject: [PATCH] composite: Fix use-after-free of the COW + +ZDI-CAN-19866/CVE-2023-1393 + +If a client explicitly destroys the compositor overlay window (aka COW), +we would leave a dangling pointer to that window in the CompScreen +structure, which will trigger a use-after-free later. + +Make sure to clear the CompScreen pointer to the COW when the latter gets +destroyed explicitly by the client. + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> +Reviewed-by: Adam Jackson <ajax@redhat.com> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110] +CVE: CVE-2023-1393 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + composite/compwindow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/composite/compwindow.c b/composite/compwindow.c +index 4e2494b86b..b30da589e9 100644 +--- a/composite/compwindow.c ++++ b/composite/compwindow.c +@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) + ret = (*pScreen->DestroyWindow) (pWin); + cs->DestroyWindow = pScreen->DestroyWindow; + pScreen->DestroyWindow = compDestroyWindow; ++ ++ /* Did we just destroy the overlay window? */ ++ if (pWin == cs->pOverlayWin) ++ cs->pOverlayWin = NULL; ++ + /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ + return ret; + } +-- +GitLab + |