[ANNOUNCE] xorg-server 1.20.10
Alex Goins (1):
      glamor: Update pixmap's devKind when making it exportable

Arthur Williams (1):
      include: Increase the number of max. input devices to 256.

Bernhard Übelacker (1):
      os: Fix instruction pointer written in xorg_backtrace

Greg V (1):
      xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one

Kishore Kadiyala (1):
      modesetting: keep going if a modeset fails on EnterVT

Martin Peres (1):
      modesetting: check the kms state on EnterVT

Matt Turner (1):
      xserver 1.20.10

Matthieu Herrb (2):
      Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
      Check SetMap request length carefully.

Michel Dänzer (10):
      glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
      xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
      present/wnmd: Can't use page flipping for windows clipped by children
      xwayland: Check window pixmap in xwl_present_check_flip2
      present/wnmd: Remove dead check from present_wnmd_check_flip
      present: Move flip target_msc adjustment out of present_vblank_create
      present: Add present_vblank::exec_msc field
      present/wnmd: Move up present_wnmd_queue_vblank
      present/wnmd: Execute copies at target_msc-1 already
      present/wnmd: Translate update region to screen space

Olivier Fourdan (8):
      Revert "linux: Fix platform device probe for DT-based PCI"
      Revert "linux: Fix platform device PCI detection for complex bus topologies"
      Revert "linux: Make platform device probe less fragile"
      xwayland: Do not discard frame callbacks on allow commits
      xwayland: Remove pending stream reference when freeing
      xwayland: non-rootless requires the wl_shell protocol
      xwayland: Create an xwl_window for toplevel only
      configure: Build hashtable for Xres and glvnd

git tag: xorg-server-1.20.10

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.10.tar.bz2
SHA256: 977420c082450dc808de301ef56af4856d653eea71519a973c3490a780cb7c99  xorg-server-1.20.10.tar.bz2
SHA512: a07bee380bb72f2117fe6f831a6e4aded19bea1f2b36e42a019a30348e98d6fe65c0617cf819be9c6b405502f88cafb829df30aab32393774b71f1418a4cefae  xorg-server-1.20.10.tar.bz2
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.10.tar.bz2.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.10.tar.gz
SHA256: 02f2198608b6191b7f8c65158bd4613734ec1c5c3d6784c5177f41b5cd2d30a3  xorg-server-1.20.10.tar.gz
SHA512: 76fc1c6d45494800500aac4d4a584790750db31d96c79cff60a76d78f7375ffd845412879f77510b283685e6918cef6e48fb466b7c549a962c12e154dd848413  xorg-server-1.20.10.tar.gz
PGP:  https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.20.10.tar.gz.sig

___
xorg-announce mailing list
xorg-announce@lists.x.org
https://lists.x.org/mailman/listinfo/xorg-announce
X.Org server security advisory: December 1, 2020
Multiple input validation failures in X server XKB extension
============================================================

These issues can lead to privilege elevation for authorized clients on systems where the X server is running privileged.

* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access

  Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow

  Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the heap in the X server.

Patches
-------

Patches for these issues have been committed to the xorg server git repository. xorg-server 1.20.10 will be released shortly and will include these patches.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 446ff2d3177087b8173fa779fa5b77a2a128988b

    Check SetMap request length carefully.

    Avoid out of bounds memory accesses on too short request.

    ZDI-CAN 11572 / CVE-2020-14360

commit 87c64fc5b0db9f62f4e361444f4b60501ebf67b9

    Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows

    ZDI-CAN 11389 / CVE-2020-25712

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

--
Matthieu Herrb
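The kind of length validation the advisory refers to, as an added example that is not part of the original advisory and is not X server code. The request layout, `demo_req`, `demo_set_items`, `TABLE_SLOTS` and the return codes are hypothetical; only the convention that the length field counts 4-byte units including the header is taken from X11.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, NOT the XKB wire format: 8-byte header followed by
 * n_items 4-byte items. As in X11, length counts 4-byte units and
 * includes the header. */
typedef struct {
    uint8_t  opcode, pad;
    uint16_t length;   /* whole request, in 4-byte units */
    uint16_t first;    /* first table slot to write */
    uint16_t n_items;  /* items the client claims to send */
} demo_req;

#define TABLE_SLOTS 16
enum { DEMO_OK = 0, DEMO_BAD_LENGTH = -1, DEMO_BAD_VALUE = -2 };

int demo_set_items(const uint8_t *buf, size_t received,
                   uint32_t table[TABLE_SLOTS])
{
    demo_req req;

    if (received < sizeof req)
        return DEMO_BAD_LENGTH;
    memcpy(&req, buf, sizeof req);

    /* The length field must describe exactly the bytes that were read. */
    if ((size_t)req.length * 4 != received)
        return DEMO_BAD_LENGTH;
    /* The item count must agree with the length; without this a short
     * request makes the copy below read past the end of buf. */
    if (sizeof req + (size_t)req.n_items * 4 != received)
        return DEMO_BAD_LENGTH;
    /* The destination range must fit the table; without this the copy
     * writes past the end of the object behind table. */
    if (req.first >= TABLE_SLOTS || req.n_items > TABLE_SLOTS - req.first)
        return DEMO_BAD_VALUE;

    memcpy(&table[req.first], buf + sizeof req, (size_t)req.n_items * 4);
    return DEMO_OK;
}

int main(void)
{
    uint32_t table[TABLE_SLOTS] = {0};
    uint8_t buf[12] = {0};
    /* Constructed sample: 12 bytes sent, but the client claims 4 items. */
    demo_req req = { 1, 0, 3, 0, 4 };

    memcpy(buf, &req, sizeof req);
    printf("short request -> %d\n", demo_set_items(buf, sizeof buf, table));
    return 0;
}
```

Both failure modes named in the advisory map onto one of the checks: the too-short request is rejected by the count-versus-length comparison, and the overflow of the destination object by the range check on `first` and `n_items`.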