www.cendio.com
Bug 4656 - Investigate whether we're affected by X.Orgs 2013-05-23 security advisory
Status: CLOSED FIXED
Product: ThinLinc
Component: VNC
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.1.1
Reported: 2013-05-24 09:45 by
Modified: 2013-10-30 11:01

Description From cendio 2013-05-24 09:45:05
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

> Ilja van Sprundel, a security researcher with IOActive, has discovered a
> large number of issues in the way various X client libraries handle the
> responses they receive from servers, and has worked with X.Org's security
> team to analyze, confirm, and fix these issues.
>
> Most of these issues stem from the client libraries trusting the server to
> send correct protocol data, and not verifying that the values will not
> overflow or cause other damage. Most of the time X clients & servers are run
> by the same user, with the server more privileged from the clients, so this
> is not a problem, but there are scenarios in which a privileged client can be
> connected to an unprivileged server, for instance, connecting a setuid X
> client (such as a screen lock program) to a virtual X server (such as Xvfb or
> Xephyr) which the user has modified to return invalid data, potentially
> allowing the user to escalate their privileges.
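The failure class the quoted advisory describes, as an added illustration that is not part of this bug report or of the X.Org libraries' own code: a constructed reply parser that trusts a server-supplied item count, beside a checked version that rejects counts whose byte size would overflow or exceed the data actually received. ITEM_SIZE, the 48-byte payload and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define ITEM_SIZE 16  /* bytes per fixed-size item in the constructed reply */

/* The pattern the advisory describes: the server-supplied item count is
 * multiplied in 32-bit arithmetic without a check. With nitems = 0x10000001
 * the product wraps to 16, so a 16-byte buffer would be allocated while
 * later code still walks 0x10000001 items. Shown for contrast; never called. */
uint32_t trusting_byte_count(uint32_t nitems) {
    return nitems * ITEM_SIZE;
}

/* Hardened form, in the spirit of the 2013 fixes: refuse counts whose byte
 * size would overflow, and counts larger than the data actually received.
 * Returns 1 and sets *bytes on success, 0 when the reply is rejected. */
int checked_byte_count(uint32_t nitems, size_t datalen, size_t *bytes) {
    if (nitems > SIZE_MAX / ITEM_SIZE) return 0;  /* multiplication would overflow */
    size_t n = (size_t)nitems * ITEM_SIZE;
    if (n > datalen) return 0;                    /* server claims more than it sent */
    *bytes = n;
    return 1;
}

/* Copies the items of a reply into a caller-owned buffer, or returns NULL
 * when the server's count is inconsistent with what was received. */
unsigned char *parse_reply_checked(uint32_t nitems, const unsigned char *data,
                                   size_t datalen) {
    size_t bytes;
    if (!checked_byte_count(nitems, datalen, &bytes)) return NULL;
    unsigned char *buf = malloc(bytes ? bytes : 1);
    if (buf) memcpy(buf, data, bytes);
    return buf;
}

/* Drives the parser on a constructed 48-byte payload (3 items) with the
 * item count the "server" claims; returns the count accepted, or -1. */
int parse_constructed_reply(uint32_t claimed_nitems) {
    static const unsigned char payload[3 * ITEM_SIZE] = { 0xAB, 0xCD };
    unsigned char *buf = parse_reply_checked(claimed_nitems, payload, sizeof payload);
    if (!buf) return -1;
    free(buf);
    return (int)claimed_nitems;
}

int main(void) {
    return (trusting_byte_count(0x10000001u) == 16 &&
            parse_constructed_reply(0x10000001u) == -1 &&
            parse_constructed_reply(3) == 3) ? 0 : 1;
}
```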
------- Comment #1 From cendio 2013-05-24 09:45:46 -------
*** Bug 4657 has been marked as a duplicate of this bug. ***
------- Comment #2 From cendio 2013-07-09 16:03:29 -------
X libraries updated in r27641. Mesa hasn't released anything with the fixes
yet. We'll wait a bit longer and see if they do. Otherwise we'll have to bundle
the patches.
------- Comment #3 From cendio 2013-10-08 14:15:42 -------
Mesa patched in r28004.
------- Comment #5 From cendio 2013-10-11 14:31:45 -------
Fixes are included in the following library versions:

libX11 1.5.99.902 (1.6 RC2) - Not updated, current version 1.5.0
libXcursor 1.1.14           - Updated and used by buildsystem.
libXext 1.3.2               - Updated and used by buildsystem.
libXfixes 5.0.1             - Updated and used by buildsystem.
libXi 1.6.2.901 (1.6.3 RC1) - Updated and used by buildsystem. version 1.7.2
libXinerama 1.1.3           - Updated and used by buildsystem.
libXp 1.0.2                 - Not used by ThinLinc
libXrandr 1.4.1             - Updated and used by buildsystem.
libXrender 0.9.8            - Updated and used by buildsystem. 
libXRes 1.0.7               - Not used by ThinLinc
libXtst 1.2.2               - Updated and used by buildsystem.
libXv 1.0.8                 - Not used by ThinLinc
libXvMC 1.0.8               - Not used by ThinLinc
libXxf86dga 1.1.4           - Not used by ThinLinc
libXxf86vm 1.1.3            - Updated and used by buildsystem.
libdmx 1.1.3                - Not used by ThinLinc
libxcb 1.9.1                - Updated and used by buildsystem.
libFS 1.0.5                 - Not used by ThinLinc
libXt 1.1.4                 - Not used by ThinLinc
------- Comment #6 From cendio 2013-10-14 12:41:15 -------
libX11 upgraded in r28029.
------- Comment #7 From cendio 2013-10-14 13:56:49 -------
(In reply to comment #6)
> libX11 upgraded in r28029.

Verified that libX11 is upgraded to version 1.6.2, and that the build system is
now updated and using the latest version.
------- Comment #8 From cendio 2013-10-14 14:00:22 -------
(In reply to comment #3)
> Mesa patched in r28004.

Verified that the package release version is updated in line with the new patches
that are applied. Also verified that the build system is using the new version
9.1.1-2.
------- Comment #9 From cendio 2013-10-30 11:01:45 -------
These bugs should not cause any issues in a typical ThinLinc deployment.