oss-sec mailing list archives
Fwd: X.Org Security Advisory: December 14, 2021
From: Povilas Kanapickas <povilas () radix lt>
Date: Tue, 14 Dec 2021 15:14:06 +0200
-------- Forwarded Message -------- Subject: X.Org Security Advisory: December 14, 2021 Date: Tue, 14 Dec 2021 15:11:35 +0200 From: Povilas Kanapickas <povilas () radix lt> To: xorg-announce () lists x org CC: xorg-devel () lists x org <xorg-devel () lists x org>, xorg () lists x org X.Org Security Advisory: December 14, 2021 Multiple input validation failures in X server extensions ========================================================= All of the following issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. * CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. * CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. Patches ------- Patches for this issues have been commited to the xorg server git repository (https://gitlab.freedesktop.org/xorg/xserver). xorg-server 21.1.2 will be released shortly and will include these patches. commit ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 render: Fix out of bounds access in SProcRenderCompositeGlyphs() ZDI-CAN-14192, CVE-2021-4008 This vulnerability was discovered and the fix was suggested by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative commit b5196750099ae6ae582e1f46bd0a6dad29550e02 xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() ZDI-CAN-14950, CVE-2021-4009 This vulnerability was discovered and the fix was suggested by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative commit 6c4c53010772e3cb4cb8acd54950c8eec9c00d21 Xext: Fix out of bounds access in SProcScreenSaverSuspend() ZDI-CAN-14951, CVE-2021-4010 This vulnerability was discovered and the fix was suggested by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative commit e56f61c79fc3cee26d83cda0f84ae56d5979f768 record: Fix out of bounds access in SwapCreateRegister() ZDI-CAN-14952, CVE-2021-4011 This vulnerability was discovered and the fix was suggested by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Thanks ====== This vulnerability was discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Povilas Kanapickas
Current thread:
- Fwd: X.Org Security Advisory: December 14, 2021 Povilas Kanapickas (Dec 14)
- Re: Fwd: X.Org Security Advisory: December 14, 2021 Alan Coopersmith (Dec 14)