authorNatanael Copa <ncopa@alpinelinux.org>2018-10-29 19:32:19 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2018-10-29 19:34:51 +0100
commit200ed130cd6de4484176410175e321c8dfc55f09 (patch)
tree7792bd0eb794bb292ea1d1bcddb16cfd81060c93
parent749e4d6cbbdda104e75e646ce9780dd118e6fcff (diff)
main/xorg-server: security fix (CVE-2018-14665)
fixes #9599
-rw-r--r--main/xorg-server/APKBUILD6
-rw-r--r--main/xorg-server/CVE-2018-14665.patch50
2 files changed, 55 insertions, 1 deletions
diff --git a/main/xorg-server/APKBUILD b/main/xorg-server/APKBUILD
index 7aee597f56..33baccffdc 100644
--- a/main/xorg-server/APKBUILD
+++ b/main/xorg-server/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=xorg-server
pkgver=1.19.5
-pkgrel=0
+pkgrel=1
pkgdesc="X.Org X servers"
url="http://xorg.freedesktop.org"
arch="all"
@@ -80,11 +80,14 @@ source="http://www.x.org/releases/individual/xserver/$pkgname-$pkgver.tar.bz2
autoconfig-nvidia.patch
autoconfig-sis.patch
fix-musl-arm.patch
+ CVE-2018-14665.patch
20-modules.conf
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 1.19.5-r1:
+# - CVE-2018-14665
# 1.19.5-r0:
# - CVE-2017-12176
# - CVE-2017-12177
@@ -212,4 +215,5 @@ sha512sums="928dea5850b98cd815004cfa133eca23cfa9521920c934c68a92787f2cae13cca153
4dcaa60fbfc61636e7220a24a72bba19984a6dc752061cb40b1bd566c0e614d08927b6c223ffaaaa05636765fddacdc3113fde55d25fd09cd0c786ff44f51447 autoconfig-nvidia.patch
30a78f4278edd535c45ee3f80933427cb029a13abaa4b041f816515fdd8f64f00b9c6aef50d4eba2aaf0d4f333e730399864fd97fa18891273601c77a6637200 autoconfig-sis.patch
b799e757a22a61ac283adbd7a8df1ad4eccce0bb6cac38a0c962ba8438bba3cf6637a65bb64859e7b32399fca672283a49960207e186c271ba574580de360d09 fix-musl-arm.patch
+3a5726e0b5eeabf65cdc652b376f6aff97414b7712c2bbd63866a38051a721f9c84e635adf57c998aaab6817b2d5af5022d72cf6da6c9200495c1ce06867f8ce CVE-2018-14665.patch
95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf"
diff --git a/main/xorg-server/CVE-2018-14665.patch b/main/xorg-server/CVE-2018-14665.patch
new file mode 100644
index 0000000000..68b5734383
--- /dev/null
+++ b/main/xorg-server/CVE-2018-14665.patch
@@ -0,0 +1,50 @@
+From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 23 Oct 2018 21:29:08 +0200
+Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
+ privileges
+
+Could cause privilege elevation and/or arbitrary files overwrite, when
+the X server is running with elevated privileges (ie when Xorg is
+installed with the setuid bit set and started by a non-root user).
+
+CVE-2018-14665
+
+Issue reported by Narendra Shinde and Red Hat.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda73..0f57efa86 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.18.1
+
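Review bot: The embedded xf86Init.c hunk (`@@ -935,14 +935,18 @@ ddxProcessArgument`) is taken verbatim from an upstream commit dated 2018-10-23, which likely targets a newer tree than the 1.19.5 this APKBUILD builds, so it will probably be applied with an offset or fuzz; the build log should be checked to confirm it actually landed in ddxProcessArgument, because a rejected hunk would leave the new secfixes entry claiming a fix the binary does not contain. After both call sites are replaced by the inline `if (xf86PrivsElevated()) FatalError(...)` checks, `xf86CheckPrivs` may no longer have any callers — if it is a file-local helper this produces an unused-function warning and it would be worth dropping in a follow-up, though that cannot be confirmed from the hunk alone. The body of ddxProcessArgument starts and ends outside the hunk.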