Hello community,

here is the log from the commit of package xorg-x11-server for openSUSE:Factory 
checked in at 2020-08-05 20:26:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old)
 and      /work/SRC/openSUSE:Factory/.xorg-x11-server.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xorg-x11-server"

Wed Aug  5 20:26:01 2020 rev:384 rq:823797 version:1.20.8+0

Changes:
--------
--- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes  
2020-07-03 00:00:23.901679876 +0200
+++ 
/work/SRC/openSUSE:Factory/.xorg-x11-server.new.3592/xorg-x11-server.changes    
    2020-08-05 20:26:07.183020395 +0200
@@ -1,0 +2,7 @@
+Fri Jul 31 19:54:05 UTC 2020 - Stefan Dirsch <[email protected]>
+
+- U_FixForZDI-11426.patch
+  *  Leak of uninitialized heap memory form the X server to clients
+     on pixmap allocation (ZDI-CAN-11426, CVE-2020-14347, bsc#1174633)
+
+-------------------------------------------------------------------
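Review bot: typo in the changelog bullet, in the line `*  Leak of uninitialized heap memory form the X server to clients`: "form" should be "from". The rest of the entry names the patch file, ZDI-CAN-11426, CVE-2020-14347 and bsc#1174633, which is what someone searching the changelog for this fix needs.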

New:
----
  U_FixForZDI-11426.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xorg-x11-server.spec ++++++
--- /var/tmp/diff_new_pack.7R67HY/_old  2020-08-05 20:26:08.991020967 +0200
+++ /var/tmp/diff_new_pack.7R67HY/_new  2020-08-05 20:26:08.995020968 +0200
@@ -250,6 +250,8 @@
 
 Patch1600:      U_glamor_egl-Reject-OpenGL-2.1-early-on.patch
 
+Patch1174633:   U_FixForZDI-11426.patch
+
 %description
 This package contains the X.Org Server.
 
@@ -399,6 +401,8 @@
 %patch1505 -p1
 %patch1600 -p1
 
+%patch1174633 -p1
+
 %build
 %define _lto_cflags %{nil}
 test -e source-file-list || \
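Review bot: `%patch1174633 -p1` and its `Patch1174633:` tag take their number from bsc#1174633 instead of continuing after 1600, and nothing in the spec says why. A one-line comment above the tag naming CVE-2020-14347 and bsc#1174633 would let someone reading only the spec see that this is a security fix that must not be dropped when the patch set is rebased.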

++++++ U_FixForZDI-11426.patch ++++++
Avoid leaking un-initialized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <[email protected]>
---
 dix/pixmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;
 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;
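Review bot: the `calloc(1, pScreen->totalPixmapSize + pixDataSize)` line carries no comment saying the zeroing is a security requirement, so a later cleanup could turn it back into `malloc` for speed. Add a short comment above it stating that pixmap contents can reach clients and must not hold stale heap data. The overflow guard two lines above has to stay as well: the size is still a sum computed before the call, and with a count of 1 `calloc` does not check that addition.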
