X.Org Security Advisory: Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4
X.Org Security Advisory: October 29, 2024

Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4

An issue has been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes in xorg-server-21.1.14 and xwayland-24.1.4.

1) CVE-2024-9632 can be triggered by providing a modified bitmap to the X.Org server.

1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap

Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, it didn't update its size properly. It updated `num_si` only, without updating `size_si`.

This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. X11 over SSH).

xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.

X.Org thanks all of those who reported and fixed these issues, and those who helped with the review and release of this advisory and these fixes.
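A simplified model of the bookkeeping flaw the advisory describes, added here as an illustration; it is not X server code. Only the field names `sym_interpret`, `num_si` and `size_si` come from the advisory; the `alloc_si` shadow field, the helper functions, the sizes 20/5/12, and the later caller that trusts `size_si` are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model: field names follow the advisory, the rest is hypothetical. */
typedef struct { unsigned char raw[16]; } sym_interp_t;   /* stand-in element */
typedef struct {
    sym_interp_t *sym_interpret;  /* heap buffer */
    unsigned short num_si;        /* entries in use */
    unsigned short size_si;       /* entries the code believes are allocated */
    unsigned short alloc_si;      /* demo-only ground truth: entries really allocated */
} compat_map_t;

static int realloc_si(compat_map_t *c, unsigned short n)
{
    sym_interp_t *p = n ? realloc(c->sym_interpret, (size_t)n * sizeof *p) : NULL;
    if (p == NULL) return -1;     /* on failure the old buffer is still valid */
    c->sym_interpret = p;
    c->alloc_si = n;
    return 0;
}

/* Resize step. update_size_si == 0 models the flaw (only num_si is updated);
 * update_size_si == 1 keeps both fields in step with the allocation. */
static int resize_si(compat_map_t *c, unsigned short n, int update_size_si)
{
    if (realloc_si(c, n) != 0) return -1;
    c->num_si = n;
    if (update_size_si) c->size_si = n;
    return 0;
}

/* Assumed later caller: trusts size_si and skips realloc when it looks big enough. */
static int reserve_si(compat_map_t *c, unsigned short need)
{
    if (c->size_si >= need) return 0;
    if (realloc_si(c, need) != 0) return -1;
    c->size_si = need;
    return 0;
}

/* Allocate 20 entries, resize to 5, then ask for room for 12. Returns how many of
 * those 12 entries would fall outside the real allocation (nothing is written). */
static unsigned oob_entries(int update_size_si)
{
    compat_map_t c = {0};
    unsigned oob = 0;
    if (reserve_si(&c, 20) == 0 && resize_si(&c, 5, update_size_si) == 0 &&
        reserve_si(&c, 12) == 0)
        oob = c.alloc_si < 12 ? 12u - c.alloc_si : 0;
    free(c.sym_interpret);
    return oob;
}

int main(void)
{
    printf("num_si only:        %u entries out of bounds\n", oob_entries(0));
    printf("num_si and size_si: %u entries out of bounds\n", oob_entries(1));
    return 0;
}
```

The invariant to audit for in similar code is that every path that reallocates a buffer updates the capacity field in the same step as the count.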
[ANNOUNCE] xorg-server 21.1.14
This release contains the fix for the issue reported in today's security advisory:

https://lists.x.org/archives/xorg-announce/2024-October/003545.html

* CVE-2024-9632

Additionally, it also contains several other fixes for glamor, Xnest, compilation warnings with newer compilers, FreeBSD issues and more.

Alan Coopersmith (11):
      dix: check for calloc() failure in Xi event conversion routines
      dix: PolyText: fully initialize local_closure
      dix: SetFontPath: don't set errorValue on Success
      dix: enterleave.c: fix implicit fallthrough warnings
      dix: CreateScratchGC: avoid dereference of pointer we just set to NULL
      dix: InitPredictableAccelerationScheme: avoid memory leak on failure
      dix: dixChangeWindowProperty: don't call memcpy if malloc failed
      dix: ProcListProperties: skip unneeded work if numProps is 0
      dix: HashResourceID: use unsigned integers for bit shifting
      dix: GetPairedDevice: check if GetMaster returned NULL
      dix: FindBestPixel: fix implicit fallthrough warning

Alexey (1):
      Fixed mirrored glyphs on big-endian machines

Enrico Weigelt, metux IT consult (2):
      Xnest: cursor: fix potentially uninitialized memory
      Xnest: fix broken exposure events

José Expósito (2):
      ephyr: Fix incompatible pointer type build error
      xserver 21.1.14

Konstantin (1):
      glamor: make use of GL_EXT_texture_format_BGRA

Matthieu Herrb (4):
      Don't crash if the client argv or argv[0] is NULL.
      Return NULL in *cmdname if the client argv or argv[0] is NULL
      Fix a double-free on syntax error without a new line.
      xkb: Fix buffer overflow in _XkbSetCompatMap()

Olivier Fourdan (1):
      build: Drop libxcvt requirement from SDK_REQUIRED_MODULES

Peter Hutterer (1):
      dix: fix valuator copy/paste error in the DeviceStateNotify event

git tag: xorg-server-21.1.14

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.14.tar.gz
SHA256: b79dbaf668c67da25c4eb5b395eec60f2593240519aefdd3e8645023ef46226f  xorg-server-21.1.14.tar.gz
SHA512: 58bf3cadbb97f32066a4d45ad4335a68a1cbaafd88fb881ef2c6fb2aa3e0cb874849f77f13b4f755912ef982255c5751b1a49de866bc50941621c3ddef60b548  xorg-server-21.1.14.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.14.tar.gz.sig

https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.14.tar.xz
SHA256: 8f2102cebdc4747d1656c1099ef610f5063c7422c24a177e300de569b354ee35  xorg-server-21.1.14.tar.xz
SHA512: 833d36ca4a409363dc021a50702bc29dbb32d074de319d6910a158b6e4d8f51a20c3b0de0486d9613d4e526fe4fd60ca306b3c9fcce7d014ca8cc10185afd973  xorg-server-21.1.14.tar.xz
PGP: https://xorg.freedesktop.org/archive/individual/xserver/xorg-server-21.1.14.tar.xz.sig
[ANNOUNCE] xwayland 24.1.4
This release contains the fix for the issue reported in today's security advisory:

https://lists.x.org/archives/xorg-announce/2024-October/003545.html

* CVE-2024-9632

José Expósito (1):
      Bump version to 24.1.4

Matthieu Herrb (1):
      xkb: Fix buffer overflow in _XkbSetCompatMap()

git tag: xwayland-24.1.4

https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.4.tar.xz
SHA256: d96a78dbab819f5575017344995b5031ebdcc15b77afebbd8dbc02af34f4  xwayland-24.1.4.tar.xz
SHA512: 7d3e4fdf67f07f79d8ddefc0077d10f811fe5ab1f919a922b5afc5dd9843eb2e0bc0a8b22a0886521eb04a993e06a250469d3594d5add34d6412c76c60f8  xwayland-24.1.4.tar.xz
PGP: https://xorg.freedesktop.org/archive/individual/xserver/xwayland-24.1.4.tar.xz.sig
Keyboard config proper documentation?
Is there anything that could be described as clear and concise documentation of how keyboards should be configured in 2024?

I bring this up again because this problem with arrow keys caused me several weeks of pain, grief, headache, toil, and misery... I solved the problem completely and, ahem, permanently by re-installing a legacy keyboard framework... I am losing sleep over the thought that this solution will go back to not working at some arbitrary date in the future. This is not fair to me. =|

So is there even any usable documentation about how to "correctly" set up the keyboard, i.e. could be printed on a note-card with normal fonts and followed by a third grader?

I'm old enough to remember how to do this in MS-DOS... You downloaded a dvorak.cpl file and loaded it with the mode command... It literally was a built-in feature and only took one line to use... And if you didn't touch it at all, it would work flawlessly in QWERTY mode...

--
You can't out-crazy a Democrat.
#EggCrisis #BlackWinter
White is the new Kulak.
Powers are not rights.