This bug was fixed in the package xwayland - 2:23.2.0-1ubuntu0.6
---------------
xwayland (2:23.2.0-1ubuntu0.6) mantic-security; urgency=medium
* SECURITY REGRESSION: Fix for CVE-2024-31083 introduced a potential
double-free error, causing X to crash
- debian/patches/CVE-2024-31083-regression_fix-MR_1476.patch:
render: Avoid possible double-free in ProcRenderAddGlyphs()
- LP: #2060354
-- Steve Beattie <[email protected]> Mon, 08 Apr 2024
20:37:39 -0700
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/2060354
Title:
Segfaults and assertion failures in Xorg's render/glyph.c
Status in X.Org X server:
Unknown
Status in xorg-server package in Ubuntu:
Triaged
Status in xwayland package in Ubuntu:
Triaged
Status in xorg-server source package in Focal:
Fix Released
Status in xorg-server source package in Jammy:
Fix Released
Status in xwayland source package in Jammy:
Fix Released
Status in xorg-server source package in Mantic:
Fix Released
Status in xwayland source package in Mantic:
Fix Released
Status in xorg-server source package in Noble:
Triaged
Status in xwayland source package in Noble:
Triaged
Bug description:
I just upgraded xserver-xorg-core and xserver-common to
2:21.1.4-2ubuntu1.7-22.04.9 and when starting IntelliJ IDEA Ultimate
EAP (downloaded from JerBrains website) Xorg server crashes with
segfault:
X.Org X Server 1.21.1.4
X Protocol Version 11, Revision 0
Current Operating System: Linux nazar-pc 6.8.4-x64v4-xanmod1
#0~20240404.gdb9d4f4 SMP PREEMPT_DYNAMIC Thu Apr 4 20:28:35 UTC x86_64
Kernel command line: BOOT_IMAGE=/root/boot/vmlinuz-6.8.4-x64v4-xanmod1
root=UUID=5170aca4-061a-4c6c-ab00-bd7fc8ae6030 ro rootflags=subvol=root
nosplash amd_iommu=on intel_iommu=on libahci.ignore_sss=1 fastboot
xorg-server 2:21.1.4-2ubuntu1.7~22.04.9 (For technical support please see
http://www.ubuntu.com/support)
Current version of pixman: 0.40.0
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sat Apr 6 15:28:18 2024
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
malloc(): unaligned tcache chunk detected
(EE)
(EE) Backtrace:
(EE) 0: /usr/lib/xorg/Xorg (OsLookupColor+0x139) [0x5def21b09ab9]
(EE) 1: /lib/x86_64-linux-gnu/libc.so.6 (__sigaction+0x50) [0x7ec01c442520]
(EE) 2: /lib/x86_64-linux-gnu/libc.so.6 (pthread_kill+0x12c) [0x7ec01c4969fc]
(EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (raise+0x16) [0x7ec01c442476]
(EE) 4: /lib/x86_64-linux-gnu/libc.so.6 (abort+0xd3) [0x7ec01c4287f3]
(EE) 5: /lib/x86_64-linux-gnu/libc.so.6 (__fsetlocking+0x426) [0x7ec01c489676]
(EE) 6: /lib/x86_64-linux-gnu/libc.so.6 (timer_settime+0x2cc) [0x7ec01c4a0cfc]
(EE) 7: /lib/x86_64-linux-gnu/libc.so.6 (malloc+0x33c) [0x7ec01c4a53dc]
(EE) 8: /usr/lib/xorg/Xorg (SetGlyphPicture+0x15d) [0x5def21a6311d]
(EE) 9: /usr/lib/xorg/Xorg (AddTraps+0x347a) [0x5def21a6b8da]
(EE) 10: /usr/lib/xorg/Xorg (SendErrorToClient+0x365) [0x5def21993635]
(EE) 11: /usr/lib/xorg/Xorg (InitFonts+0x3c4) [0x5def219976b4]
(EE) 12: /lib/x86_64-linux-gnu/libc.so.6 (__libc_init_first+0x90)
[0x7ec01c429d90]
(EE) 13: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0x80)
[0x7ec01c429e40]
(EE) 14: /usr/lib/xorg/Xorg (_start+0x25) [0x5def21980605]
(EE)
(EE)
Fatal server error:
(EE) Caught signal 6 (Aborted). Server aborting
(EE)
(EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
(EE) Please also check the log file at "/var/log/Xorg.0.log" for additional
information.
(EE)
(II) AIGLX: Suspending AIGLX clients for VT switch
(EE) Server terminated with error (1). Closing log file.
Downgraded to 2:21.1.3-2ubuntu2 for now and it works. Looks like
security backports were done incorrectly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/xorg-server/+bug/2060354/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
