Date: Tue, 13 Apr 2021 16:04:32 +0200
From: Matthieu Herrb <matthieu@...rb.eu>
To: oss-security@...ts.openwall.com
Subject: X.Org server security advisory: April 13, 2021

X.Org server security advisory: April 13, 2021

Input validation failures in X server XInput extension
======================================================

Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server. These issues can lead to privilege
escalation for authorized clients on systems where the X server is
running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

    Fix XChangeFeedbackControl() request underflow

    CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb
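
The class of bug the advisory names (a request-length underflow), shown as an added example that is neither the X server's code nor the committed patch: a handler subtracts fixed sizes from a client-supplied request length, which X11 counts in 4-byte units, without first checking that the length is large enough. The layout constants, function names and inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout for illustration; not the X server's structures. */
#define REQ_HEADER_UNITS 3u /* fixed request header, in 4-byte units */
#define CTL_FIXED_UNITS  2u /* fixed part of the embedded control record */

enum { LEN_OK = 0, LEN_BAD = -1 };

/* Unchecked form: the subtraction wraps when the request is too short. */
static uint32_t payload_units_unchecked(uint16_t req_len_units)
{
    return (uint32_t)req_len_units - REQ_HEADER_UNITS - CTL_FIXED_UNITS;
}

/* Checked form: validate the length before any subtraction or read. */
static int payload_units_checked(uint16_t req_len_units, size_t bytes_received,
                                 uint16_t declared_items, uint32_t *out_units)
{
    const uint32_t fixed = REQ_HEADER_UNITS + CTL_FIXED_UNITS;

    if (req_len_units < fixed)
        return LEN_BAD; /* shorter than the fixed parts: would underflow */
    if ((size_t)req_len_units * 4 > bytes_received)
        return LEN_BAD; /* claims more data than was actually received */
    if ((uint32_t)req_len_units - fixed != declared_items)
        return LEN_BAD; /* item count must match the remaining length */
    *out_units = (uint32_t)req_len_units - fixed;
    return LEN_OK;
}

int main(void)
{
    uint32_t units = 0;

    /* Constructed inputs: a 4-unit request cannot hold the 5 fixed units. */
    printf("unchecked(4)  -> %u units\n", (unsigned)payload_units_unchecked(4));
    printf("checked(4)    -> %d\n", payload_units_checked(4, 16, 0, &units));
    printf("checked(8, 3) -> %d\n", payload_units_checked(8, 32, 3, &units));
    return 0;
}
```

The unchecked result for a 4-unit request is a huge unsigned value, which is what turns a short request into an out of bounds access once it is used as a size or loop bound; the checked form rejects the request before any payload is touched.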