-rw-r--r-- | main/xorg-server/APKBUILD | 6 | ||||
-rw-r--r-- | main/xorg-server/CVE-2018-14665.patch | 50 |
2 files changed, 55 insertions, 1 deletions
diff --git a/main/xorg-server/APKBUILD b/main/xorg-server/APKBUILD
index 7aee597f56b..33baccffdce 100644
--- a/main/xorg-server/APKBUILD
+++ b/main/xorg-server/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=xorg-server
 pkgver=1.19.5
-pkgrel=0
+pkgrel=1
 pkgdesc="X.Org X servers"
 url="http://xorg.freedesktop.org"
 arch="all"
@@ -80,11 +80,14 @@ source="http://www.x.org/releases/individual/xserver/$pkgname-$pkgver.tar.bz2
 autoconfig-nvidia.patch
 autoconfig-sis.patch
 fix-musl-arm.patch
+ CVE-2018-14665.patch
 20-modules.conf
 "
 builddir="$srcdir"/$pkgname-$pkgver
 # secfixes:
+# 1.19.5-r1:
+# - CVE-2018-14665
 # 1.19.5-r0:
 # - CVE-2017-12176
 # - CVE-2017-12177
@@ -212,4 +215,5 @@ sha512sums="928dea5850b98cd815004cfa133eca23cfa9521920c934c68a92787f2cae13cca153
 4dcaa60fbfc61636e7220a24a72bba19984a6dc752061cb40b1bd566c0e614d08927b6c223ffaaaa05636765fddacdc3113fde55d25fd09cd0c786ff44f51447 autoconfig-nvidia.patch
 30a78f4278edd535c45ee3f80933427cb029a13abaa4b041f816515fdd8f64f00b9c6aef50d4eba2aaf0d4f333e730399864fd97fa18891273601c77a6637200 autoconfig-sis.patch
 b799e757a22a61ac283adbd7a8df1ad4eccce0bb6cac38a0c962ba8438bba3cf6637a65bb64859e7b32399fca672283a49960207e186c271ba574580de360d09 fix-musl-arm.patch
+3a5726e0b5eeabf65cdc652b376f6aff97414b7712c2bbd63866a38051a721f9c84e635adf57c998aaab6817b2d5af5022d72cf6da6c9200495c1ce06867f8ce CVE-2018-14665.patch
 95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf"
diff --git a/main/xorg-server/CVE-2018-14665.patch b/main/xorg-server/CVE-2018-14665.patch
new file mode 100644
index 00000000000..68b5734383d
--- /dev/null
+++ b/main/xorg-server/CVE-2018-14665.patch
@@ -0,0 +1,50 @@
+From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 23 Oct 2018 21:29:08 +0200
+Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
+ privileges
+
+Could cause privilege elevation and/or arbitrary files overwrite, when
+the X server is running with elevated privileges (ie when Xorg is
+installed with the setuid bit set and started by a non-root user).
+
+CVE-2018-14665
+
+Issue reported by Narendra Shinde and Red Hat.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda73..0f57efa86 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.18.1
+ |
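Review bot: Both new guards in ddxProcessArgument leave the two-line `FatalError(...)` call as an unbraced `if` body, and nothing at the call site records why `-modulepath` and `-logfile` are now refused outright instead of being checked per argument, as the removed `xf86CheckPrivs(argv[i], argv[i + 1])` call presumably did. I would brace both bodies and put a comment above the first guard, for example `/* CVE-2018-14665: refuse outright when privileges are elevated; checking the supplied path is not enough */`. The guard is only as strong as `xf86PrivsElevated()`, which is defined outside this hunk, so it is worth confirming on this package's build that it returns true for a setuid Xorg started by a non-root user. The body of ddxProcessArgument starts and ends outside the hunk.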