Summary: | <x11-base/xorg-server[wayland]-1.16.4-r3: Missing authentication in XWayland (CVE-2015-3164) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Manuel Rüger (RETIRED) <mrueg> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | x11 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html | ||
Whiteboard: | B1 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 559062 | ||
Bug Blocks: |
Description
Manuel Rüger (RETIRED)
2015-06-10 15:58:37 UTC
Relevant upstream commits:

http://cgit.freedesktop.org/xorg/xserver/commit/?id=c4534a38b68aa07fb82318040dc8154fb48a9588
http://cgit.freedesktop.org/xorg/xserver/commit/?id=4b4b9086d02b80549981d205fb1f495edc373538
http://cgit.freedesktop.org/xorg/xserver/commit/?id=76636ac12f2d1dbdf7be08222f80e7505d53c451

This affects xorg-server-1.16 and newer when built with USE="wayland". Older versions are not affected.

http://lists.x.org/archives/xorg-announce/2015-June/002614.html

[ANNOUNCE] xorg-server 1.17.2

This picks up a pile of fixes from master. Notable highlights:

- Fix for CVE-2015-3164 in Xwayland
- Fix int10 setup for vesa
- Fix regression in server-interpreted auth
- Fix fb setup on big-endian CPUs
- Build fix for gcc5

Complete changelog:

Aaron Plattner (2):
      xfree86: Fix xf86_check_platform_slot's handling of PCI
      xfree86: Add GPU screens even if there are no active GDevs

Adam Jackson (1):
      xserver 1.17.2

Adel Gadllah (1):
      modesetting: Fix software cursor fallback

Alan Coopersmith (2):
      Clear ListenTransConns entries in CloseWellKnownConnections
      Accept x86_64 as well as i*86 for $host_cpu in Solaris on x86

Brent Collins (1):
      shm: Fix xselinux resource initialization for xinerama pixmaps

Chris Wilson (2):
      shm: Fix use-after-free in ShmDestroyPixmap
      present: Copy unflip contents back to the Screen Pixmap

Colin Harrison (2):
      os/xdmcp.c: Include Xtrans.h when building for WIN32
      os/utils.c: Don't try to build os_move_fd() for WIN32

Dave Airlie (2):
      os/access: fix regression in server interpreted auth
      glamor: don't do render ops with matching source/dest (v2)

Dima Ryazanov (1):
      xwayland: Implement smooth scrolling

Egbert Eich (6):
      symbols: Fix sdksyms.sh to cope with gcc5
      Xephyr: Don't crash when no command line argument is specified
      Xephyr: Print default server display number if none is specified
      Xephyr: Fix compile when debugging is enabled
      Xephyr: Fix screen image draw for the non-Glamor & non-XHSM case
      Xephyr: Fix broken image when endianess of client machine and host-Xserver differ

Emil Velikov (2):
      randr: remove chatty error messages
      randr: use randr: prefix in ErrorF()

Hans de Goede (1):
      Re-enable non serverfd input devices immediately on vtenter

Jason Gerecke (2):
      xfree86: Return NULL from xf86CompatOutput if no compat_output is defined
      dix: Do not allow device transform to be set on valuatorless devices

Jon TURNEY (9):
      ephyr: Avoid a segfault with 'DISPLAY= Xephy -glamor'
      os: XDMCP options like -query etc. should imply -listen tcp
      os: Teach vpnprintf() how to handle "%*.*s"
      hw/xwin/glx: Refactor parsing of the <proto> XML element
      hw/xwin/glx: Improve code generator to deal with latest Khronos OpenGL registry XML
      hw/xwin: Report Cygwin version information in log
      glamor: Fix build when configured --enable-glamor --disable-xshmfence
      hw/xwin/winclipboard: Link xwinclip with -lpthread
      hw/xnest: Fix build for MinGW

Jonathan Gray (2):
      glamor: remove const from the return type of glamor_get_drawable_location()
      glamor: fix build when DRI3 is not defined

Jürg Billeter (1):
      int10: Fix error check for pci_device_map_legacy

Keith Packard (1):
      mi: Partial pie-slice filled arcs may need more space for spans

Maarten Lankhorst (4):
      glamor: only use (un)pack_subimage when available
      glamor: do not check for gl errors in glamor_build_program
      glamor: Use GL_FRAMEBUFFER instead of GL_READ_FRAMEBUFFER
      glamor: GL_TEXTURE_MAX_LEVEL is not available on GLES2

Michal Srb (1):
      Expose GetMaster to modules.

Michel Dänzer (2):
      Add AC_SYS_LARGEFILE defines to dix-config.h
      modesetting: Include dix-config.h from dumb_bo.c

Olivier Fourdan (4):
      ephyr: Fail if glamor is requested but not usable
      xwayland: Add dependency on glamor libs
      glamor: check max native ALU instructions
      dix: Fix image byte order on big endian hardware

Ray Strode (5):
      systemd-logind: filter out non-signal messages from message filter
      systemd-logind: don't second guess D-Bus default timeout
      xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
      os: support new implicit local user access mode [CVE-2015-3164 2/3]
      xwayland: default to local user if no xauth file given. [CVE-2015-3164 3/3]

Robert Ancell (1):
      xwayland: Fix error strings

Rui Matos (2):
      dix/events: Set currentTime to the given time stamp in NoticeTime
      xwayland: Throttle our cursor surface updates with a frame callback

Vicente Olivert Riera (1):
      backtrace.c: Fix word cast to a pointer

git tag: xorg-server-1.17.2

renamed copy of xorg-server-1.17.1-r1.ebuild works

CVE-2015-3164 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3164): The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

1.17.2 in tree. The fixes should probably be ported back to the older versions in tree.

Is it ready to go stable?

(In reply to Mikle Kolyada from comment #6)
> Is it ready to go stable?

Running 1.17.2 here with MATE and works fine.

Maintainer(s), please advise when you are ready for stabilization or call for stabilization yourself. Will call for stabilization on 8/15 if not done by then.

Before xorg-server-1.17.2 can go stable, a number of other packages need to go stable first. This is further complicated by the transition to new eselect-opengl.

xorg-server-1.16.4-r3 and xorg-server-1.16.4-r4 have been pushed to fix this issue.
FWIW, to elucidate on comment #9: in order to upgrade to xorg-xserver 1.17.2 on my machine I attempted the keywording necessary for my machine. All of the following were required:

    =x11-libs/libdrm-2.4.64 ~amd64
    =x11-base/xorg-server-1.17.2 ~amd64
    =media-libs/mesa-10.6.5 ~amd64
    =x11-base/xorg-drivers-1.17 ~amd64
    =x11-proto/glproto-1.4.17-r1 ~amd64
    =app-eselect/eselect-opengl-1.3.1-r4 ~amd64

This was attempted, and X then failed to start with startxfce4 or kdm.

For 1.16 - Currently in the tree we have 1.16.4-r5. Are we ready to go stable with that version? 1.17.4 is non stable if you encounter issues with it. 1.17.2 pushed the security fix for this issue. If you encounter any problems with any 1.17 versions please file another Bug.

x11-base/xorg-server-1.16.4-r5 is being stabilized in bug 559062. Marking dependence.

This issue was resolved and addressed in GLSA 201701-64 at https://security.gentoo.org/glsa/201701-64 by GLSA coordinator Thomas Deutschmann (whissi).