From b586aa1f648f73adaaca1623e78ecae78faad878 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 12 2018 20:24:50 +0000
Subject: import xorg-x11-server-1.20.1-5.el7
---
diff --git a/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch b/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
deleted file mode 100644
index 9a0769e..0000000
--- a/SOURCES/0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 2fda7c57e7ebe210cf5e2bb051a0a9271f85e80a Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb
-Date: Mon, 22 Oct 2018 14:33:25 -0400
-Subject: [PATCH xserver] Disable -logfile and -modulepath when running with
- elevated privileges
-
-An unprivileged user was able to overwrite arbitrary files
-in directories in which it is able to chdir, potentially
-leading to privilege elevation.
-
-CVE-2018-14665
-
-An unprivileded user was able to load arbitrary modules
-from user controlled directories, leading to privilege
-elevation.
-
-CVE-2018-XXXXX
-
-Issues reported by Narendra Shinde
-
-Signed-off-by: Matthieu Herrb
-Reviewed-by: Alan Coopersmith
----
- hw/xfree86/common/xf86Init.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
-index 6c25eda739..0f57efa863 100644
---- a/hw/xfree86/common/xf86Init.c
-+++ b/hw/xfree86/common/xf86Init.c
-@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
- /* First the options that are not allowed with elevated privileges */
- if (!strcmp(argv[i], "-modulepath")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -modulepath "
-+ "with elevated privileges\n");
- xf86ModulePath = argv[i + 1];
- xf86ModPathFrom = X_CMDLINE;
- return 2;
- }
- if (!strcmp(argv[i], "-logfile")) {
- CHECK_FOR_REQUIRED_ARGUMENT();
-- xf86CheckPrivs(argv[i], argv[i + 1]);
-+ if (xf86PrivsElevated())
-+ FatalError("\nInvalid argument -logfile "
-+ "with elevated privileges\n");
- xf86LogFile = argv[i + 1];
- xf86LogFileFrom = X_CMDLINE;
- return 2;
---
-2.19.0
-
diff --git a/SPECS/xorg-x11-server.spec b/SPECS/xorg-x11-server.spec
index 098aa22..50716bb 100644
--- a/SPECS/xorg-x11-server.spec
+++ b/SPECS/xorg-x11-server.spec
@@ -42,7 +42,7 @@
 Summary: X.Org X11 X server
 Name: xorg-x11-server
 Version: 1.20.1
-Release: 5.1%{?gitdate:.%{gitdate}}%{?dist}
+Release: 5%{?gitdate:.%{gitdate}}%{?dist}
 URL: http://www.x.org
 License: MIT
 Group: User Interface/X
@@ -107,7 +107,6 @@ Patch9753: 0001-linux-Make-platform-device-probe-less-fragile.patch
 Patch9754: 0001-xfree86-try-harder-to-span-on-multihead.patch
 Patch9755: 0001-modesetting-Hide-atomic-behind-Option-Atomic-boolean.patch
 Patch9756: 0001-xfree86-LeaveVT-from-xf86CrtcCloseScreen.patch
-Patch9757: 0001-Disable-logfile-and-modulepath-when-running-with-ele.patch
 %global moduledir %{_libdir}/xorg/modules
 %global drimoduledir %{_libdir}/dri
@@ -590,10 +589,6 @@ rm -rf $RPM_BUILD_ROOT
 %{xserver_source_dir}
 %changelog
-* Mon Oct 22 2018 Adam Jackson - 1.20.1-5.1
-- CVE-2018-14665: Disable -logfile and -modulepath when running with elevated
-- privileges
-
 * Tue Oct 09 2018 Adam Jackson - 1.20.1-5
 - Call LeaveVT from xf86CrtcCloseScreen
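Review bot: With `Patch9757` gone from the patch list (hunk at -107) and the patch file itself deleted, a package built from this spec no longer carries the CVE-2018-14665 fix named in the removed changelog entry. `-logfile` and `-modulepath` would then go back to the `xf86CheckPrivs` handling shown on the removed side of that patch, which its description says let an unprivileged user overwrite files and load modules from user-controlled directories. The Release field going from 5.1 to 5 suggests this is an import of the earlier base build rather than a deliberate revert, but that is inferred from the page. Before anything is built or shipped from this commit, confirm that a release containing the fix is the one delivered, or keep `Patch9757: 0001-Disable-logfile-and-modulepath-when-running-with-ele.patch` together with its changelog entry.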