diff options
author | Jackie Huang <jackie.huang@windriver.com> | 2017-08-17 15:39:13 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-18 23:46:37 +0100 |
commit | 583225d94ae7631f82afd618a00ca0f9ed63fce0 (patch) | |
tree | 0c9023523b5e155fc6ef1bd7b8b4481dc3b7ec82 /meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb | |
parent | 88a82e74899b4152fcbda9e88aa1e8e77701b5e2 (diff) | |
download | poky-583225d94ae7631f82afd618a00ca0f9ed63fce0.tar.gz |
xserver-xorg: Fix CVE-2017-10971
Backport 3 patches to fix CVE-2017-10971:
In the X.Org X server before 2017-06-19, a user authenticated to an X
Session could crash or execute code in the context of the X Server by
exploiting a stack overflow in the endianness conversion of X Events.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-10971
(From OE-Core rev: 20428f660f2c046c63bbf63c4e4af95dac9f2b3d)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb')
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb index 606367d1e9..65ef6c683b 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.19.3.bb | |||
@@ -5,6 +5,9 @@ SRC_URI += "file://musl-arm-inb-outb.patch \ | |||
5 | file://0002-configure.ac-Fix-wayland-scanner-and-protocols-locat.patch \ | 5 | file://0002-configure.ac-Fix-wayland-scanner-and-protocols-locat.patch \ |
6 | file://0003-modesetting-Fix-16-bit-depth-bpp-mode.patch \ | 6 | file://0003-modesetting-Fix-16-bit-depth-bpp-mode.patch \ |
7 | file://0003-Remove-check-for-useSIGIO-option.patch \ | 7 | file://0003-Remove-check-for-useSIGIO-option.patch \ |
8 | file://CVE-2017-10971-1.patch \ | ||
9 | file://CVE-2017-10971-2.patch \ | ||
10 | file://CVE-2017-10971-3.patch \ | ||
8 | " | 11 | " |
9 | SRC_URI[md5sum] = "015d2fc4b9f2bfe7a626edb63a62c65e" | 12 | SRC_URI[md5sum] = "015d2fc4b9f2bfe7a626edb63a62c65e" |
10 | SRC_URI[sha256sum] = "677a8166e03474719238dfe396ce673c4234735464d6dadf2959b600d20e5a98" | 13 | SRC_URI[sha256sum] = "677a8166e03474719238dfe396ce673c4234735464d6dadf2959b600d20e5a98" |