
Bug#1061110: xorg-server: Regression from fixes for CVE-2024-21886


Salvatore Bonaccorso

Jan 18, 2024, 8:40:03 AM
Source: xorg-server
Version: 2:21.1.11-1
Severity: important
Tags: upstream
X-Debbugs-Cc: car...@debian.org, jcri...@debian.org, a...@debian.org, te...@security.debian.org

While preparing the update for xorg-server for bookworm an autopkgtest
regression in uqm was seen. The same is shown with the 2:21.1.11-1
upload to unstable:

https://ci.debian.net/packages/u/uqm/testing/amd64/41866714/

Julien Cristau was able to reproduce the leak independently from uqm:

Xvfb :10 & sleep 2; DISPLAY=:10 xdpyinfo >/dev/null

resulting in

1 XSELINUXs still allocated at reset
SCREEN: 0 objects of 304 bytes = 0 total bytes 0 private allocs
DEVICE: 0 objects of 88 bytes = 0 total bytes 0 private allocs
CLIENT: 0 objects of 144 bytes = 0 total bytes 0 private allocs
WINDOW: 0 objects of 48 bytes = 0 total bytes 0 private allocs
PIXMAP: 0 objects of 16 bytes = 0 total bytes 0 private allocs
GC: 0 objects of 16 bytes = 0 total bytes 0 private allocs
CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs
TOTAL: 1 objects, 8 bytes, 0 allocs
1 CURSORs still allocated at reset
CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs
TOTAL: 1 objects, 8 bytes, 0 allocs
1 CURSOR_BITSs still allocated at reset
TOTAL: 0 objects, 0 bytes, 0 allocs

As per upstream commit bisection it seems that the first bad commit is
https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8
which is related to the CVE-2024-21886 fix.

Regards,
Salvatore
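
A regression check built around the reproducer above, as an added example that is not part of the original report or of xorg-server: it scans X server output for "still allocated at reset" lines and fails if any resource type is reported. The function names `sample_log` and `leaked_at_reset` are assumptions of this example, and the embedded sample is a subset of the output quoted in the report.

```shell
#!/bin/sh
# Added example: flag resources an X server reports as leaked at reset.

# Sample input: a subset of the server output quoted in the report above.
sample_log() {
cat <<'EOF'
1 XSELINUXs still allocated at reset
SCREEN: 0 objects of 304 bytes = 0 total bytes 0 private allocs
CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs
TOTAL: 1 objects, 8 bytes, 0 allocs
1 CURSORs still allocated at reset
CURSOR: 1 objects of 8 bytes = 8 total bytes 0 private allocs
TOTAL: 1 objects, 8 bytes, 0 allocs
1 CURSOR_BITSs still allocated at reset
TOTAL: 0 objects, 0 bytes, 0 allocs
EOF
}

# leaked_at_reset: read server output on stdin, print "TYPE COUNT" for each
# resource type reported as still allocated, and return 1 if any were found.
leaked_at_reset() {
    awk '
        /^[0-9]+ [A-Za-z0-9_]+s still allocated at reset$/ {
            type = $2
            # The quoted output shows type names with a trailing "s"
            # (e.g. CURSOR_BITSs); strip it to recover the type name.
            sub(/s$/, "", type)
            if (!(type in count)) order[++n] = type
            count[type] += $1
        }
        END {
            for (i = 1; i <= n; i++) print order[i], count[order[i]]
            exit (n > 0)
        }
    '
}

# Stand-alone run on the embedded sample.
sample_log | leaked_at_reset || echo "leak reported at reset"
```

To check a rebuilt package, capture the server's stderr from the reproducer in the report (for example `Xvfb :10 2>xvfb.log`), then run `leaked_at_reset < xvfb.log` once the server has reset.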

Salvatore Bonaccorso

Jan 22, 2024, 2:30:04 AM
Hi,
There is a fix for that upstream (the issue did not affect the master
branch which contains the following commit, which is not in the
21.1.y):

https://gitlab.freedesktop.org/xorg/xserver/-/issues/1623#note_2248117
https://gitlab.freedesktop.org/xorg/xserver/-/commit/1801fe0ac3926882d47d7e1ad6c0518a2cdffd41

Proposed merge request for unstable:

https://salsa.debian.org/xorg-team/xserver/xorg-server/-/merge_requests/9

Regards,
Salvatore