Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
xorg-x11-server.33719
u_Xext-shm-Validate-shmseg-resource-id.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File u_Xext-shm-Validate-shmseg-resource-id.patch of Package xorg-x11-server.33719
Patch-mainline: To be upstreamed Author: Michal Srb <msrb@suse.com> Subject: Xext/shm: Validate shmseg resource id. References: bnc#1052984 CVE-2017-13721 Otherwise it can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client. --- Please let me know if this does not belong to xorg-security. I don't want to spam here, but I also don't want to risk sending a possible vulnerability to public mailing list. Xext/shm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Xext/shm.c b/Xext/shm.c index 91ea90b14..2f9a78808 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client) }; REQUEST_SIZE_MATCH(xShmCreateSegmentReq); + LEGAL_NEW_RESOURCE(stuff->shmseg, client); if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) { client->errorValue = stuff->readOnly; return BadValue; -- 2.12.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor