[X2Go-Commits] [nx-libs] 05/06: Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).
git-admin at x2go.org
git-admin at x2go.org
Wed Mar 7 21:58:05 CET 2018
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.6.x
in repository nx-libs.
commit 7017c22c2b5dcacc8e337029f7ed82f4bcafb819
Author: Nathan Kidd <nkidd at opentext.com>
Date: Mon Mar 5 11:01:49 2018 +0100
Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).
commit cad5a1050b7184d828aef9c1dd151c3ab649d37e
Author: Nathan Kidd <nkidd at opentext.com>
Date: Fri Jan 9 09:57:23 2015 -0500
Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)
This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
Reviewed-by: Julien Cristau <jcristau at debian.org>
Signed-off-by: Nathan Kidd <nkidd at opentext.com>
Signed-off-by: Julien Cristau <jcristau at debian.org>
Backported-to-NX-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
---
nx-X11/programs/Xserver/Xext/saver.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c
index 0b79a00..89eebd7 100644
--- a/nx-X11/programs/Xserver/Xext/saver.c
+++ b/nx-X11/programs/Xserver/Xext/saver.c
@@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client)
PanoramiXRes *draw;
int i;
+ REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq);
+
if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass(
client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess)))
return BadDrawable;
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
More information about the x2go-commits
mailing list