Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
NetBSD Security Advisory 2015-001: Protocol handling issues in X Window System servers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2015-001
=================================
Topic: Protocol handling issues in X Window System servers
Version: NetBSD-current: affected prior to 2014-12-22
NetBSD 7_BETA*: affected
NetBSD 6.1*: affected
NetBSD 6.0*: affected
NetBSD 5.2*: affected
NetBSD 5.1*: affected
pkgsrc: x11/xorg-server package prior 1.12.4nb7
Severity: Local Privilege Escalation, Arbitrary Code Execuation
Fixed: NetBSD-current: December 22th, 2014
NetBSD-7 branch: December 22th, 2014
NetBSD-6 branch: December 22th, 2014
NetBSD-6-1 branch: December 22th, 2014
NetBSD-6-0 branch: December 22th, 2014
NetBSD-5 branch: December 22th, 2014
NetBSD-5-2 branch: December 22th, 2014
NetBSD-5-1 branch: December 22th, 2014
pkgsrc 2014Q4: xorg-server-1.12.4nb7 corrects this issue
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
Abstract
========
A large number of issues in the way the Xorg server processes requests
have been discovered by Ilja van Sprundel, a security researcher with
IOActive. These issues could allow local users the ability to attack
a setuid Xorg server.
These problems are documented in CVE-2014-8091 to CVS-2014-8103.
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
Additionally, CVE-2013-6424 is also fixed with these updates.
Technical Details
=================
The issues come in 3 main categories:
- - Denial of service due to unchecked malloc in client authentication
CVE-2014-8091: SUN-DES-1
- - Integer overflows calculating memory needs for requests
CVE-2014-8092: X11 core protocol requests
CVE-2014-8093: GLX extension
CVE-2014-8094: DRI2 extension
CVE-2013-6424: EXA and render extensions
- - Out of bounds access due to not validating length or offset values in requests
CVE-2014-8095: XInput extension
CVE-2014-8096: XC-MISC extension
CVE-2014-8097: DBE extension
CVE-2014-8098: GLX extension
CVE-2014-8099: XVideo extension
CVE-2014-8100: Render extension
CVE-2014-8101: RandR extension
CVE-2014-8102: XFixes extension
CVE-2014-8103: DRI3 & Present extensions
Solutions and Workarounds
=========================
To apply a fixed version from a releng build, fetch a fitting xserver.tgz
from nyftp.netbsd.org and extract the fixed binaries:
cd /var/tmp
ftp http://nyftp.netbsd.org/pub/NetBSD-daily/REL/BUILD/ARCH/binary/sets/xserver.tgz
cd /
tar xzpf /var/tmp/xserver.tgz ./usr/X11R?/bin/X\*
tar xzpf /var/tmp/xserver.tgz ./usr/X11R?/lib/modules/extensions
as well as architecture-specific X servers.
with the following replacements:
REL = the release version you are using
BUILD = the source date of the build. 20141223* and later will fit
ARCH = your system's architecture
The following instructions describe how to upgrade your Xorg server
binaries by updating your source tree and rebuilding and
installing a new version of Xorg server.
The following instructions describe how to upgrade your Xorg server
binaries by updating your source tree and rebuilding and installing
a new version of Xorg server.
* NetBSD-current:
Systems running NetBSD-current dated from before 2014-12-21
should be upgraded to NetBSD-current dated 2014-12-22 or later.
The following files/directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
xsrc/external/mit/xorg-server/dist
xsrc/xfree/xc/programs/Xserver
To update from CVS, re-build, and re-install Xorg server:
# cd xsrc
# cvs update -d -P external/mit/xorg-server/dist
# cd ..
# cd src
# cd external/mit/xorg/server/xorg-server
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
For the acorn32, alpha, amiga, mac68k, pmax and sun3 ports,
the following instructions should be used:
# cd xsrc
# cvs update -d -P xfree/xc/programs/Xserver
# cd ..
# cd src
# cd x11/Xserver
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
* NetBSD 6.*:
Systems running NetBSD 6.* sources dated from before
2014-12-21 should be upgraded from NetBSD 6.* sources dated
2014-12-22 or later.
The following files/directories need to be updated from the
netbsd-6, netbsd-6-1 or netbsd-6-0 branches:
xsrc/external/mit/xorg-server/dist
xsrc/xfree/xc/programs/Xserver
To update from CVS, re-build, and re-install Xorg server:
# cd xsrc
# cvs update -d -P external/mit/xorg-server/dist
# cd ..
# cd src
# cd external/mit/xorg/server/xorg-server
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
For the acorn32, alpha, amiga, ews4800mips, mac68k, newsmips,
pmax, sun3 and x68k ports, the following instructions should
be used:
# cd xsrc
# cvs update -d -P xfree/xc/programs/Xserver
# cd ..
# cd src
# cd x11/Xserver
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
* NetBSD 5.*:
Systems running NetBSD 5.* sources dated from before
2014-12-21 should be upgraded from NetBSD 5.* sources dated
2014-12-22 or later.
The following files/directories need to be updated from the
netbsd-5, netbsd-5-2 or netbsd-5-1 branches:
xsrc/external/mit/xorg-server/dist
xsrc/xfree/xc/programs/Xserver
To update from CVS, re-build, and re-install Xorg server:
# cd xsrc
# cvs update -d -P external/mit/xorg-server/dist
# cd ..
# cd src
# cd external/mit/xorg/server/xorg-server
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
For all but the amd64, i386, macppc, sgimips, shark and sparc64
ports, the following instructions should be used:
# cd xsrc
# cvs update -d -P xfree/xc/programs/Xserver
# cd ..
# cd src
# cd x11/Xserver
# make USETOOLS=no cleandir dependall
# make USETOOLS=no install
Thanks To
=========
Thanks to Ilja van Sprundel, IOActive and the Xorg security team for finding
and patching these issues. Thanks to Matthew Green for backporting the fixes
to all active NetBSD branches and server sources.
Revision History
================
2015-01-08 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-001.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .
Copyright 2015, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2015-001.txt,v 1.1 2015/01/08 21:02:23 tonnerre Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUrvCCAAoJEAZJc6xMSnBu/aoP+wUI2nUTJDo+OfjPIzyZtXE0
w3yO5v1xHeGRoX/i8mLaa9mcEoynL7ak75EjdASzTEW4g6Z+ufUbEcTRX1zTIDYp
uR+71zS3a0g2X5+d59HzU3kVYCkw/3R3SpMzHvprivIzEmMUyLFRwYCsE6Vwc/Ww
Z++NB5XPiLr4KOpw9gfvzZnvvznUY73hTr/7TSNdmvIhskzZAx/Mpza8lS5Gii7Q
qXPOfdct0UNjE99a90V6inBm7HgoAvsayX38NriKYHboy3v89lUNzh/HBi3q+VOZ
DB1jx6CCbCqWh1tXWlugcE6TbOWHE7S5CS0DhdgZgG7XrpD1goBiLizztFIa9Sep
gUTsRPHTT7Cq+SgsUquY+PV09Pu1DABcZHOW62h3OYIKg7S6MrD4YOrf9HUKnwop
hWaxtwg6Px3BtKGoltYkNNOt/lyQgWXfXMHMLZGmlpGD6l7IvQssHnYYvhDL3rv/
38o6WJCKJG8BXwSaBVBFamINs7g98wEkYKfTNX7nCVb/Ci8lebrVZCNlzp/Whemi
gpvWTOv84ge+7TxI5c3FKwdJcagAKoq/ALvXtQTWlgJbfTQlOXMehmt5S3FhCxi7
z8m2mngOMuJzOnoVOyyNYzPdsC8PRYBbJjI/FcYAB1ejXhNRqWVE8VjWs42wWkdx
QBjFOlNiXtHb+Er9HjRc
=HV5g
-----END PGP SIGNATURE-----
Home |
Main Index |
Thread Index |
Old Index