xorg-server: Changes to 'ubuntu'
debian/changelog | 13 +++++++++++++
debian/patches/508_CVE-2011-4028.patch | 15 +++++++++++++++
debian/patches/509_CVE-2011-4029.patch | 15 +++++++++++++++
debian/patches/series | 2 ++
4 files changed, 45 insertions(+)
New commits:
commit 81c266120481dfdd067dbaebc25c47fde45ec4dc
Author: Chase Douglas <chase.douglas@ubuntu.com>
Date: Tue Oct 18 17:30:28 2011 -0700
Sync with oneiric security update
* SECURITY UPDATE: file existence disclosure
- debian/patches/508_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/509_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029
diff --git a/debian/changelog b/debian/changelog
index f93edc6..6de56a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+xorg-server (2:1.10.4-1ubuntu4.1) oneiric-security; urgency=low
+
+ * SECURITY UPDATE: file existence disclosure
+ - debian/patches/508_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
+ in os/utils.c.
+ - CVE-2011-4028
+ * SECURITY UPDATE: privilege escalation via file permission change
+ - debian/patches/509_CVE-2011-4029.patch: use fchmod to prevent race
+ in os/utils.c.
+ - CVE-2011-4029
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Oct 2011 10:55:35 -0400
+
xorg-server (2:1.10.4-1ubuntu4) oneiric; urgency=low
* Send touch ownership event for subsequent touch grabs (LP: #861906)
diff --git a/debian/patches/508_CVE-2011-4028.patch b/debian/patches/508_CVE-2011-4028.patch
new file mode 100644
index 0000000..851fbaa
--- /dev/null
+++ b/debian/patches/508_CVE-2011-4028.patch
@@ -0,0 +1,15 @@
+Description: fix file existence disclosure
+Author: Matthieu Herrb <matthieu@herrb.eu>
+
+diff -Nur xorg-server-1.10.4/os/utils.c xorg-server-1.10.4.new/os/utils.c
+--- xorg-server-1.10.4/os/utils.c 2011-10-13 10:54:12.296825952 -0400
++++ xorg-server-1.10.4.new/os/utils.c 2011-10-13 10:54:38.948826635 -0400
+@@ -330,7 +330,7 @@
+ /*
+ * Read the pid from the existing file
+ */
+- lfd = open(LockFile, O_RDONLY);
++ lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
+ if (lfd < 0) {
+ unlink(tmp);
+ FatalError("Can't read lock file %s\n", LockFile);
diff --git a/debian/patches/509_CVE-2011-4029.patch b/debian/patches/509_CVE-2011-4029.patch
new file mode 100644
index 0000000..2c9368a
--- /dev/null
+++ b/debian/patches/509_CVE-2011-4029.patch
@@ -0,0 +1,15 @@
+Description: fix privilege escalation via file permission change
+Author: Matthieu Herrb <matthieu@herrb.eu>
+
+diff -Nur xorg-server-1.10.4/os/utils.c xorg-server-1.10.4.new/os/utils.c
+--- xorg-server-1.10.4/os/utils.c 2011-10-13 10:54:49.808826913 -0400
++++ xorg-server-1.10.4.new/os/utils.c 2011-10-13 10:55:10.448827440 -0400
+@@ -309,7 +309,7 @@
+ FatalError("Could not create lock file in %s\n", tmp);
+ (void) sprintf(pid_str, "%10ld\n", (long)getpid());
+ (void) write(lfd, pid_str, 11);
+- (void) chmod(tmp, 0444);
++ (void) fchmod(lfd, 0444);
+ (void) close(lfd);
+
+ /*
diff --git a/debian/patches/series b/debian/patches/series
index 4de3891..e7044e5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,3 +40,5 @@
505_Xi_ensure_replayed_touch_events_have_devices.patch
506_Xi_ensure_touch_events_update_currentTime.patch
507_touch_grab_reject_send_ownership.patch
+508_CVE-2011-4028.patch
+509_CVE-2011-4029.patch
Reply to: