[Buildroot] [PATCH] xserver_xorg-server: add upstream security fixes for CVE-2017-10971 / 10972
Peter Korsgaard
peter at korsgaard.com
Wed Jul 19 13:58:54 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Add upstream patches fixing the following security issues:
> CVE-2017-10971:
> The endianness handling for X Events assumed a fixed size of X Event structures and
> had a specific 32 byte stack buffer for that.
> However "GenericEvents" can have any size, so if the events were sent in the wrong
> endianness, this stack buffer could be overflowed easily.
> So authenticated X users could overflow the stack in the X Server and with the X
> server usually running as root gaining root privileges.
> CVE-2017-10972:
> An information leak out of the X server due to an uninitialized stack area when swapping
> event endianness.
> For more details, see the advisory:
> http://www.openwall.com/lists/oss-security/2017/07/06/6
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x and 2017.05.x, thanks.
--
Bye, Peter Korsgaard
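
The two defects described in the quoted commit message, modelled as an added C example (not the upstream patch and not Buildroot code): an event is rejected unless its wire size is exactly 32 bytes, and the output buffer is zeroed before use. `event_wire_size` and `swap_event` are hypothetical names, and the swap covers only the sequence number.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EVENT_SIZE    32u  /* fixed size of a core X event on the wire */
#define GENERIC_EVENT 35u  /* X11 GenericEvent type code */

/* Wire size of one event. A GenericEvent carries `length` extra 4-byte
 * units after the first 32 bytes; `length` is bytes 4..7 in the sender's
 * byte order (big_endian selects which). */
uint64_t event_wire_size(const uint8_t *ev, int big_endian)
{
    if ((ev[0] & 0x7f) != GENERIC_EVENT)   /* high bit = SendEvent flag */
        return EVENT_SIZE;
    uint32_t len = big_endian
        ? (uint32_t)ev[4] << 24 | (uint32_t)ev[5] << 16 | (uint32_t)ev[6] << 8 | ev[7]
        : (uint32_t)ev[7] << 24 | (uint32_t)ev[6] << 16 | (uint32_t)ev[5] << 8 | ev[4];
    return EVENT_SIZE + 4ull * len;
}

/* Byte-swap one client-supplied event into a fixed 32-byte buffer.
 * Returns 0 on success, -1 if the event is rejected. Simplified model:
 * only the 16-bit sequence number is swapped; a real server swaps every
 * multi-byte field with a per-event-type routine. */
int swap_event(const uint8_t *wire, size_t wire_len, int big_endian,
               uint8_t out[EVENT_SIZE])
{
    memset(out, 0, EVENT_SIZE);            /* no stale stack bytes can leak */
    if (wire_len < EVENT_SIZE)
        return -1;                         /* truncated request */
    if (event_wire_size(wire, big_endian) != EVENT_SIZE)
        return -1;                         /* would not fit the 32-byte buffer */
    memcpy(out, wire, EVENT_SIZE);
    out[2] = wire[3];                      /* swap sequenceNumber (bytes 2..3) */
    out[3] = wire[2];
    return 0;
}
```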