Bug 4656 - Investigate whether we're affected by X.Orgs 2013-05-23 security advisory
Summary: Investigate whether we're affected by X.Orgs 2013-05-23 security advisory
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VNC (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.1.1
Assignee: Pierre Ossman
URL:
Keywords: hean01_tester, prosaic
: 4657 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-05-24 09:45 CEST by Karl Mikaelsson
Modified: 2013-10-30 11:01 CET (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Karl Mikaelsson cendio 2013-05-24 09:45:05 CEST 
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

> Ilja van Sprundel, a security researcher with IOActive, has discovered a
> large number of issues in the way various X client libraries handle the
> responses they receive from servers, and has worked with X.Org's security
> team to analyze, confirm, and fix these issues.
>
> Most of these issues stem from the client libraries trusting the server to
> send correct protocol data, and not verifying that the values will not
> overflow or cause other damage. Most of the time X clients & servers are run
> by the same user, with the server more privileged from the clients, so this
> is not a problem, but there are scenarios in which a privileged client can be
> connected to an unprivileged server, for instance, connecting a setuid X
> client (such as a screen lock program) to a virtual X server (such as Xvfb or
> Xephyr) which the user has modified to return invalid data, potentially
> allowing the user to escalate their privileges.
Comment 1 Karl Mikaelsson cendio 2013-05-24 09:45:46 CEST 
*** Bug 4657 has been marked as a duplicate of this bug. ***
Comment 2 Pierre Ossman cendio 2013-07-09 16:03:29 CEST 
X libraries updated in r27641. Mesa hasn't released anything with the fixes yet. We'll wait a bit longer and see if they do. Otherwise we'll have to bundle the patches.
Comment 3 Pierre Ossman cendio 2013-10-08 14:15:42 CEST 
Mesa patched in r28004.
Comment 5 Henrik Andersson cendio 2013-10-11 14:31:45 CEST 
Fixes are included in following library version;


libX11 1.5.99.902 (1.6 RC2) - Not updated, current version 1.5.0
libXcursor 1.1.14           - Updated and used by buildsystem.
libXext 1.3.2               - Updated and used by buildsystem.
libXfixes 5.0.1             - Updated and used by buildsystem.
libXi 1.6.2.901 (1.6.3 RC1) - Updated and used by buildsystem. version 1.7.2
libXinerama 1.1.3           - Updated and used by buildsystem.
libXp 1.0.2                 - Not used by ThinLinc
libXrandr 1.4.1             - Updated and used by buildsystem.
libXrender 0.9.8            - Updated and used by buildsystem. 
libXRes 1.0.7               - Not used by ThinLinc
libXtst 1.2.2               - Updated and used by buildsystem.
libXv 1.0.8                 - Not used by ThinLinc
libXvMC 1.0.8               - Not used by ThinLinc
libXxf86dga 1.1.4           - Not used by ThinLinc
libXxf86vm 1.1.3            - Updated and used by buildsystem.
libdmx 1.1.3                - Not used by ThinLinc
libxcb 1.9.1                - Updated and used by buildsystem.
libFS 1.0.5                 - Not used by ThinLinc
libXt 1.1.4                 - Not used by ThinLinc
Comment 6 Pierre Ossman cendio 2013-10-14 12:41:15 CEST 
libX11 upgraded in r28029.
Comment 7 Henrik Andersson cendio 2013-10-14 13:56:49 CEST 
(In reply to comment #6)
> libX11 upgraded in r28029.

Verified that libX11 is upgraded to version 1.6.2, and that the build system is now updated and using the latest version.
Comment 8 Henrik Andersson cendio 2013-10-14 14:00:22 CEST 
(In reply to comment #3)
> Mesa patched in r28004.

Verfied that the package release version is update inline with the new patches that is applied. Also verified that the build system is using the new version 9.1.1-2
Comment 9 Peter Åstrand cendio 2013-10-30 11:01:45 CET 
These bugs should not cause any issues in a typical ThinLinc deployment.
Note You need to log in before you can comment on or make changes to this bug.