[ANNOUNCE] libXrandr 1.5.1
Matthieu Herrb (1):
      libXrandr 1.5.1

Tobias Stoeckmann (1):
      Avoid out of boundary accesses on illegal responses

walter harms (2):
      fix: doGetScreenResources() info: redundant null check on calling free()
      fix: redundant null check on calling free()

git tag: libXrandr-1.5.1

https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.bz2
MD5: 28e486f1d491b757173dd85ba34ee884 libXrandr-1.5.1.tar.bz2
SHA1: 7232fe2648b96fed531208c3ad2ba0be61990041 libXrandr-1.5.1.tar.bz2
SHA256: 1ff9e7fa0e4adea912b16a5f0cfa7c1d35b0dcda0e216831f7715c8a3abcf51a libXrandr-1.5.1.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.gz
MD5: 59e90a544ee8cf706cf11e3027339f60 libXrandr-1.5.1.tar.gz
SHA1: d2d194a00914e863e51bac7c438b437dd490280f libXrandr-1.5.1.tar.gz
SHA256: 2baa7fb3eca78fe7e11a09b373ba898b717f7eeba4a4bfd68187e04b4789b0d3 libXrandr-1.5.1.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXrandr-1.5.1.tar.gz.sig

___
xorg-announce mailing list
xorg-announce@lists.x.org
https://lists.x.org/mailman/listinfo/xorg-announce

[ANNOUNCE] libXi 1.7.7
Matthieu Herrb (1):
      libXi 1.7.7

Tobias Stoeckmann (1):
      Properly validate server responses.

git tag: libXi-1.7.7

https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2
MD5: cc0883a898222d50ff79af3f83595823 libXi-1.7.7.tar.bz2
SHA1: 37d150d7cc7061612643a3b8f458ff004edc6f2d libXi-1.7.7.tar.bz2
SHA256: 996f834fa57b9b33ba36690f6f5c6a29320bc8213022943912462d8015b1e030 libXi-1.7.7.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.gz
MD5: 26150b56d62bc2178fa398442b504ba4 libXi-1.7.7.tar.gz
SHA1: 6a3a50e0f0e5f78e258d3c61ac1012a9a559a51b libXi-1.7.7.tar.gz
SHA256: 501f49e9c85609da17614d711aa4931fd128011042ff1cae53a16ce03e51ff5e libXi-1.7.7.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXi-1.7.7.tar.gz.sig

[ANNOUNCE] libXvMC 1.0.10
Matthieu Herrb (1):
      libXvMC 1.0.10

Tobias Stoeckmann (1):
      Avoid buffer underflow on empty strings.

git tag: libXvMC-1.0.10

https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2
MD5: 4cbe1c1def7a5e1b0ed5fce8e512f4c6 libXvMC-1.0.10.tar.bz2
SHA1: 8c50ee4a43aff84d807da2122ec6b0d8e3ce4635 libXvMC-1.0.10.tar.bz2
SHA256: e501a079b5dfaef0897c56152770c77e05e362065cec58910289aa567277ee2e libXvMC-1.0.10.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.gz
MD5: ddb5c45bc56977acfdeec29b8118c487 libXvMC-1.0.10.tar.gz
SHA1: ebcd70da1c3a01d785df6a003c475cdaaac145ad libXvMC-1.0.10.tar.gz
SHA256: d8306f71c798d10409bb181b747c2644e1d60c05773c742c12304ab5aa5c8436 libXvMC-1.0.10.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXvMC-1.0.10.tar.gz.sig

[ANNOUNCE] libX11 1.6.4
Alan Coopersmith (20):
      Move Compose \ o / to be with other emoji compose sequences
      Replace Xmalloc+memset pairs with Xcalloc calls
      Get rid of some extraneous ; at the end of C source lines
      Remove unused definition of XCONN_CHECK_FREQ
      Bug 93184: read_EncodingInfo invalid free
      Bug 93183: _XDefaultOpenIM memory leaks in out-of-memory error paths
      Delete #if 0 hunks of code
      Use strdup instead of Xmalloc+strcpy in _XDefaultOpenIM
      XDefaultOMIF: replace strlen+Xmalloc+strcpy with strdup
      XDefaultOMIF: additional code simplification
      XDefaultOMIF: Remove comments referring to ancient Sun bug ids
      XlcDL.c: replace strcpy+strcat sequences with snprintf
      XlcDL.c: reduce code duplication
      lcPubWrap: replace malloc(strlen) + strcpy with strdup
      Stop checking XTRANS_SECURE_RPC_FLAGS since we no longer use them
      Stop checking for preferred order of local transports
      Don't need to link libX11-xcb against libX11
      xcms: use size_t for strlen/sizeof values instead of converting to int & back
      xcms: use unsigned indexes when looping through unsigned values
      xcms: use size_t for pointer offsets passed to strncmp

Bhavi Dhingra (1):
      omGeneric.c: Correct the parameter usage of sizeof

Christian Linhart (1):
      fix for Xlib 32-bit request number issues

Daniel Albers (1):
      Add Compose sequence for U+1F4A9.

Dominik Muth (1):
      Xlib.h: Fix macros imitating C functions.

Gunnar Hjalmarsson (1):
      Add compose file for pt_PT similar to pt_BR

James Cloos (2):
      Fix missing update in cf4d5989383a
      Fix another missing update in cf4d5989383a

Julien Cristau (1):
      Mark _XNextRequest as hidden

Mats Blakstad (1):
      New compose keys for local languages in Togo

Matthew D. Fuller (1):
      Fixup param specification for XChangeProperty()

Matthieu Herrb (1):
      libX11 1.6.4

Mike FABIAN (3):
      add be_BY.UTF-8@latin and sr_RS.UTF-8@latin to locale.dir
      fix spelling mistakes in ks_IN and sd_IN devanagari locales
      Fix spelling mistake introduced by 748d47e69f5c12d8557d56a8a8ec166588da7b93

Olivier Fourdan (1):
      XKB: fix XkbGetKeyboardByName with Xming server

Peter Hutterer (3):
      Fix potential memory leak
      Fix an indentation issue
      Fix three "use of uninitialized variable" coverity warnings

Ross Burton (1):
      Add missing NULL checks to ICWrap

Thomas Klausner (2):
      Do not return() after exit().
      Ignore test-driver (used by newer autoconf).

Tobias Stoeckmann (2):
      The validation of server responses avoids out of boundary accesses.
      Validation of server responses in XGetImage()

walter harms (1):
      XFree will accept NULL as argument

git tag: libX11-1.6.4

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.bz2
MD5: 6d54227082f3aa2c596f0b3a3fbb9175 libX11-1.6.4.tar.bz2
SHA1: 94f375f28e592a599594d3d6ce982516afdc212c libX11-1.6.4.tar.bz2
SHA256: b7c748be3aa16ec2cbd81edc847e9b6ee03f88143ab270fb59f58a044d34e441 libX11-1.6.4.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.gz
MD5: f60fb9f397090ed7d75c8c8873014d1e libX11-1.6.4.tar.gz
SHA1: 04acc1fb67fe3752c3be65f906c8b0ecd2df3ccb libX11-1.6.4.tar.gz
SHA256: 5d7fbb9e15c27900ea8963218a59750b674a8d7c94161b66e96fcfbdaa1c6263 libX11-1.6.4.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libX11-1.6.4.tar.gz.sig

[ANNOUNCE] libXfixes 5.0.3
Matthieu Herrb (1):
      libXfixes 5.0.3

Tobias Stoeckmann (1):
      Integer overflow on illegal server response

git tag: libXfixes-5.0.3

https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2
MD5: 07e01e046a0215574f36a3aacb148be0 libXfixes-5.0.3.tar.bz2
SHA1: ca86342d129c02435a9ee46e38fdf1a04d6b4b91 libXfixes-5.0.3.tar.bz2
SHA256: de1cd33aff226e08cefd0e6759341c2c8e8c9faf8ce9ac6ec38d43e287b22ad6 libXfixes-5.0.3.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.gz
MD5: fd07d0d77e92b0a72ca1740a72322837 libXfixes-5.0.3.tar.gz
SHA1: 5b3f9ae580286eeb90ef6833f22ccc95c45011fa libXfixes-5.0.3.tar.gz
SHA256: 9ab6c13590658501ce4bd965a8a5d32ba4d8b3bb39a5a5bc9901edffc5666570 libXfixes-5.0.3.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXfixes-5.0.3.tar.gz.sig

[ANNOUNCE] libXrender 0.9.10
Lauri Kasanen (1):
      Fix documentation to explicitly mention premultiplied alpha

Matthieu Herrb (1):
      libXrender 0.9.10

Tobias Stoeckmann (2):
      Avoid OOB write in XRenderQueryFilters
      Validate lengths while parsing server data.

git tag: libXrender-0.9.10

https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2
MD5: 802179a76bded0b658f4e9ec5e1830a4 libXrender-0.9.10.tar.bz2
SHA1: d55106de9260c2377c19d271d9b677744a6c7e81 libXrender-0.9.10.tar.bz2
SHA256: c06d5979f86e64cabbde57c223938db0b939dff49fdb5a793a1d3d0396650949 libXrender-0.9.10.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.gz
MD5: 98a14fc11aee08b4a1769426ab4b23a3 libXrender-0.9.10.tar.gz
SHA1: 704f4571d70e81fcdb40143db938016231f84a05 libXrender-0.9.10.tar.gz
SHA256: 770527cce42500790433df84ec3521e8bf095dfe5079454a92236494ab296adf libXrender-0.9.10.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXrender-0.9.10.tar.gz.sig

X.Org security advisory: Protocol handling issues in X Window System client libraries
X.Org security advisory: October 4, 2016

Protocol handling issues in X Window System client libraries

Description

Tobias Stoeckmann from the OpenBSD project has discovered a number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. These issues come in addition to the ones discovered by Ilja van Sprundel in 2013.

Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged than the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges.

The X.Org security team would like to take this opportunity to remind X client authors that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this.

Affected libraries and CVE Ids

libX11 - insufficient validation of data from the X server can cause out of boundary memory read (XGetImage()) or write (XListFonts()).
    Affected versions libX11 <= 1.6.3

libXfixes - insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures.
    Affected versions: libXfixes <= 5.0.2

libXi - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service).
    Affected versions libXi <= 1.7.6

libXrandr - insufficient validation of data from the X server can cause out of boundary memory writes.
    Affected versions: libXrandr <= 1.5.0

libXrender - insufficient validation of data from the X server can cause out of boundary memory writes.
    Affected version: libXrender <= 0.9.9

XRecord - insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service).
    Affected version libXtst <= 1.2.2

libXv - insufficient validation of data from the X server can cause out of boundary memory and memory corruption.
    CVE-2016-5407
    affected versions libXv <= 1.0.10

libXvMC - insufficient validation of data from the X server can cause a one byte buffer read underrun.
    Affected versions: libXvMC <= 1.0.9

Fixes

Fixes are available in the following git commits.

lib/libX11
    8ea762f Validation of server responses in XGetImage()
    8c29f16 The validation of server responses avoids out of boundary accesses.

libXfixes
    61c1039 Integer overflow on illegal server response

libXi
    19a9cd6 Properly validate server responses.

libXrandr
    a0df3e1 Avoid out of boundary accesses on illegal responses

libXrender
    9362c7d Validate lengths while parsing server data.
    8fad00b Avoid OOB write in XRenderQueryFilters

lib/libXtst
    9556ad6 Out of boundary access and endless loop in libXtst

libXv
    87b3c94 Protocol handling issues in libXv

libXvMC
    2cd95e7 Avoid buffer underflow on empty strings.

They will also be available in these modules releases from X.Org:

* libX11 1.6.4
* libXfixes 5.0.3
* libXi 1.7.7
* libXrandr 1.5.1
* libXrender 0.9.10
* libXtst 1.2.3
* libXv 1.0.11
* libXvMC 1.0.10

Thanks

X.Org thanks Tobias Stoeckmann for reporting these issues to our security team and assisting them in understanding them and evaluating our fixes.

--
Matthieu Herrb
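
The bug class the advisory describes (a client sizing a buffer from server-supplied counts without checking them) is illustrated below. This is an added example, not code from any X.Org library or from the fixes listed above; the reply layout, `demo_reply`, `demo_item`, `unchecked_alloc_size` and `parse_items` are hypothetical, and `uint32_t` arithmetic stands in for a 32-bit `size_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply header (not a real X11 structure): both fields are
 * chosen by the server and must be treated as untrusted. */
struct demo_reply {
    uint32_t length;   /* payload size in 4-byte units */
    uint32_t nitems;   /* number of 8-byte items in the payload */
};
struct demo_item { int16_t x, y; uint16_t w, h; };

/* Size computation as a 32-bit size_t performs it: wraps without warning. */
uint32_t unchecked_alloc_size(const struct demo_reply *r)
{
    return r->nitems * (uint32_t)sizeof(struct demo_item);
}

/* Copies the items out of payload (the bytes actually received, host byte
 * order assumed). Returns 0 on success, -1 if the header is inconsistent. */
int parse_items(const struct demo_reply *r, const uint8_t *payload,
                size_t payload_len, struct demo_item **out, uint32_t *out_n)
{
    uint64_t claimed = (uint64_t)r->length * 4;   /* 64-bit: cannot wrap */
    uint64_t needed = (uint64_t)r->nitems * sizeof(struct demo_item);

    *out = NULL; *out_n = 0;
    if (claimed != payload_len || needed > claimed)
        return -1;
    /* needed <= payload_len here, so it fits in size_t on any host. */
    *out = malloc(needed ? (size_t)needed : 1);
    if (*out == NULL) return -1;
    memcpy(*out, payload, (size_t)needed);
    *out_n = r->nitems;
    return 0;
}

int main(void)
{
    /* Constructed input: 8 payload bytes, header claims 0x20000001 items. */
    struct demo_item one = {0, 0, 10, 10}, *items;
    struct demo_reply evil = {2, 0x20000001u};
    uint32_t n;
    printf("unchecked size %u, validated parse %d\n",
           (unsigned)unchecked_alloc_size(&evil),
           parse_items(&evil, (const uint8_t *)&one, sizeof one, &items, &n));
    return 0;
}
```

With the constructed header, the wrapped 32-bit product is 8 bytes while the loop bound would still be 0x20000001 items; the validating parser rejects the reply because the count cannot fit in the payload the header itself declares.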