Date: Tue, 14 Dec 2021 08:37:18 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com, Povilas Kanapickas <povilas@...ix.lt>
Cc: "X.Org Security Team" <xorg-security@...ts.x.org>
Subject: Re: Fwd: X.Org Security Advisory: December 14, 2021

The fixes are also provided for XWayland users in the XWayland 21.1.4 release:
https://lists.x.org/archives/xorg-announce/2021-December/003123.html

	-Alan Coopersmith-              alan.coopersmith@...cle.com
	  X.Org Security Response Team - xorg-security@...ts.x.org

On 12/14/21 5:14 AM, Povilas Kanapickas wrote:
> 
> -------- Forwarded Message --------
> Subject: X.Org Security Advisory: December 14, 2021
> Date: Tue, 14 Dec 2021 15:11:35 +0200
> From: Povilas Kanapickas <povilas@...ix.lt>
> To: xorg-announce@...ts.x.org
> CC: xorg-devel@...ts.x.org <xorg-devel@...ts.x.org>, xorg@...ts.x.org
> 
> X.Org Security Advisory: December 14, 2021
> 
> Multiple input validation failures in X server extensions
> =========================================================
> 
> All of the following issues can lead to local privilege elevation on
> systems where the X server is running privileged and remote code
> execution for ssh X forwarding sessions.
> 
> * CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
> access
> 
> The handler for the CompositeGlyphs request of the Render extension does
> not properly validate the request length leading to out of bounds memory
> write.
> 
> * CVE-2021-4009/ZDI-CAN-14950 SProcXFixesCreatePointerBarrier
> out-of-bounds access
> 
> The handler for the CreatePointerBarrier request of the XFixes extension
> does not properly validate the request length leading to out of bounds
> memory write.
> 
> * CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
> 
> The handler for the Suspend request of the Screen Saver extension does
> not properly validate the request length leading to out of bounds memory
> write.
> 
> * CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
> 
> The handlers for the RecordCreateContext and RecordRegisterClients
> requests of the Record extension do not properly validate the request
> length leading to out of bounds memory write.
> 
> Patches
> -------
> 
> Patches for these issues have been committed to the xorg server git
> repository (https://gitlab.freedesktop.org/xorg/xserver). xorg-server
> 21.1.2 will be released shortly and will include these patches.
> 
> commit ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
> 
>      render: Fix out of bounds access in SProcRenderCompositeGlyphs()
> 
>      ZDI-CAN-14192, CVE-2021-4008
> 
>      This vulnerability was discovered and the fix was suggested by:
>      Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
> 
> commit b5196750099ae6ae582e1f46bd0a6dad29550e02
> 
>      xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
> 
>      ZDI-CAN-14950, CVE-2021-4009
> 
>      This vulnerability was discovered and the fix was suggested by:
>      Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
> 
> commit 6c4c53010772e3cb4cb8acd54950c8eec9c00d21
> 
>      Xext: Fix out of bounds access in SProcScreenSaverSuspend()
> 
>      ZDI-CAN-14951, CVE-2021-4010
> 
>      This vulnerability was discovered and the fix was suggested by:
>      Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
> 
> commit e56f61c79fc3cee26d83cda0f84ae56d5979f768
> 
>      record: Fix out of bounds access in SwapCreateRegister()
> 
>      ZDI-CAN-14952, CVE-2021-4011
> 
>      This vulnerability was discovered and the fix was suggested by:
>      Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
> 
> Thanks
> ======
> 
> This vulnerability was discovered by Jan-Niklas Sohn working with
> Trend Micro Zero Day Initiative.
> 
> --
> Povilas Kanapickas
> 
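
The bug class the advisory describes, as an added example (not part of the original messages and not X.Org's code): a simplified model of a handler for a byte-swapped client that validates the client-declared request length before swapping any field in place. The request layout, the name `demo_sproc_list`, and the big-endian client are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* 16 is the BadLength error code in the X11 core protocol. */
enum { DEMO_SUCCESS = 0, DEMO_BAD_LENGTH = 16 };

/* Constructed layout: 4-byte header, u16 count, u16 pad, then count u16 items. */
#define DEMO_FIXED_BYTES 8u

/* Swap one 16-bit field in place. This is the write that lands outside the
 * request when the field lies beyond the length the client actually sent. */
static void swap16_at(uint8_t *p)
{
    uint8_t t = p[0];
    p[0] = p[1];
    p[1] = t;
}

/* Hypothetical handler for a byte-swapped (here: big-endian) client.
 * req     : start of the request in the server's input buffer
 * req_len : request length in 4-byte units as declared by the client,
 *           already in host order */
int demo_sproc_list(uint8_t *req, uint32_t req_len)
{
    uint64_t have = (uint64_t)req_len * 4;

    /* Check 1: the fixed-size part must be present before any field is read
     * or swapped; a 4-byte request would otherwise be modified past its end. */
    if (have < DEMO_FIXED_BYTES)
        return DEMO_BAD_LENGTH;

    uint64_t count = ((uint64_t)req[4] << 8) | req[5];  /* big-endian count */
    swap16_at(req + 4);

    /* Check 2: the declared length must equal the fixed part plus the list,
     * padded to a multiple of 4, before the list is swapped in place. */
    uint64_t list_bytes = (count * 2 + 3) & ~(uint64_t)3;
    if (have != DEMO_FIXED_BYTES + list_bytes)
        return DEMO_BAD_LENGTH;

    for (uint64_t i = 0; i < count; i++)
        swap16_at(req + DEMO_FIXED_BYTES + i * 2);
    return DEMO_SUCCESS;
}
```

Removing either check reproduces the failure mode in miniature: bytes following the request in the buffer are rewritten based on fields the client never sent.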
