[Buildroot] [PATCH] package/xserver_xorg-server: security bump to version 21.1.2
Peter Korsgaard
peter at korsgaard.com
Sat Jan 22 16:54:47 UTC 2022
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following vulnerabilities:
> * CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
> access
> The handler for the CompositeGlyphs request of the Render extension does
> not properly validate the request length leading to out of bounds memory
> write.
> * CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
> access
> The handler for the CreatePointerBarrier request of the XFixes extension
> does not properly validate the request length leading to out of bounds
> memory write.
> * CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
> The handler for the Suspend request of the Screen Saver extension does not
> properly validate the request length leading to out of bounds memory
> write.
> * CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
> The handlers for the RecordCreateContext and RecordRegisterClients
> requests of the Record extension do not properly validate the request
> length leading to out of bounds memory write.
> For details, see the advisory:
> https://lists.x.org/archives/xorg-announce/2021-December/003122.html
> Builds without systemd unfortunately got broken. Add a patch fixing that
> from an upstream merge request:
> https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
In the meantime xserver 1.20.14 has been released with the same
security fixes, so I've used that for 2021.02.x / 2021.11.x.
--
Bye, Peter Korsgaard
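
Added example, not part of the original message and not code from the xserver sources: all four CVEs above are byte-swapping request handlers that touch the request before validating its length. The sketch below shows the check that has to come first; the request layout, `HDR_BYTES` and `swap_request_checked` are hypothetical, and the sample bytes in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_BYTES 8u   /* hypothetical fixed header size, not a real X11 struct */

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Swap handler for a hypothetical request sent by a big-endian client:
 *   [0..1] opcode, [2..3] length in 4-byte units, [4..5] num_items,
 *   [6..7] pad, then num_items 16-bit values that must be byte-swapped in place.
 * Returns 0 on success, -1 (the BadLength case) without writing to the buffer. */
int swap_request_checked(uint8_t *req, size_t received)
{
    if (received < HDR_BYTES)                 /* fixed part must be present */
        return -1;
    size_t req_bytes = (size_t)rd_be16(req + 2) * 4u;
    if (req_bytes < HDR_BYTES || req_bytes > received)
        return -1;                            /* declared length vs. bytes we hold */
    size_t n = rd_be16(req + 4);
    size_t payload = (n * 2u + 3u) & ~(size_t)3u;   /* items padded to 4 bytes */
    if (HDR_BYTES + payload != req_bytes)
        return -1;                            /* item count must match the length */
    /* Only now is it safe to write: every swap stays inside req[0..req_bytes). */
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = req + HDR_BYTES + i * 2u;
        uint8_t t = p[0]; p[0] = p[1]; p[1] = t;
    }
    return 0;
}

int main(void)
{
    /* Constructed samples: a well-formed request and one whose num_items
     * (0x4000) claims far more data than the 12-byte request carries. */
    uint8_t ok[12]  = {1,0, 0,3, 0,2,       0,0, 0x12,0x34, 0xAB,0xCD};
    uint8_t bad[12] = {1,0, 0,3, 0x40,0x00, 0,0, 0x12,0x34, 0xAB,0xCD};
    printf("well-formed: %d\n", swap_request_checked(ok, sizeof ok));
    printf("oversized count: %d\n", swap_request_checked(bad, sizeof bad));
    return 0;
}
```

Without the three length checks, the loop would swap bytes past the end of the request buffer, which is the out-of-bounds write the advisory describes.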