[OE-core] [PATCH] xserver-xorg: fix for CVE-2018-14665
changqing.li at windriver.com
changqing.li at windriver.com
Fri Nov 2 06:09:04 UTC 2018
From: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Changqing Li <changqing.li at windriver.com>
---
.../xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 56 ++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
new file mode 100644
index 0000000..5dd6fe0
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/
+commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e]
+
+CVE: CVE-2018-14665
+
+Signed-off-by: Changqing Li <changqing.li at windriver.com>
+
+From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu at herrb.eu>
+Date: Tue, 23 Oct 2018 21:29:08 +0200
+Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
+ privileges
+
+Could cause privilege elevation and/or arbitrary files overwrite, when
+the X server is running with elevated privileges (ie when Xorg is
+installed with the setuid bit set and started by a non-root user).
+
+CVE-2018-14665
+
+Issue reported by Narendra Shinde and Red Hat.
+
+Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
+Reviewed-by: Adam Jackson <ajax at redhat.com>
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda73..0f57efa86 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.18.1
--
2.7.4
More information about the Openembedded-core
mailing list