diff options
| author | Ross Burton <ross@burtonini.com> | 2022-01-10 12:19:32 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-01-22 17:56:53 +0000 |
| commit | 1e4665204b6e020c621494e44fc7afd87e30c7bb (patch) | |
| tree | 6c2091306cb4c82be351140c539b1227c3a98824 | |
| parent | 07755db69908f752571dc52993dcba32bfe9fc66 (diff) | |
| download | poky-1e4665204b6e020c621494e44fc7afd87e30c7bb.tar.gz | |
xserver-xorg: whitelist two CVEs
CVE-2011-4613 is specific to Debian/Ubuntu.
CVE-2020-25697 is a non-trivial attack that may not actually be feasible
considering the default behaviour for clients is to exit if the
connection is lost.
(From OE-Core rev: c477e35d01e7b8443b680f6456ac92a15fbfeaa2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit afa2e6c31a79f75ff4113d53f618bbb349cd6c17)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 02daafc098..c891211c40 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | |||
| @@ -19,6 +19,14 @@ XORG_PN = "xorg-server" | |||
| 19 | SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" | 19 | SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.bz2" |
| 20 | 20 | ||
| 21 | CVE_PRODUCT = "xorg-server x_server" | 21 | CVE_PRODUCT = "xorg-server x_server" |
| 22 | # This is specific to Debian's xserver-wrapper.c | ||
| 23 | CVE_CHECK_WHITELIST += "CVE-2011-4613" | ||
| 24 | # As per upstream, exploiting this flaw is non-trivial and it requires exact | ||
| 25 | # timing on the behalf of the attacker. Many graphical applications exit if their | ||
| 26 | # connection to the X server is lost, so a typical desktop session is either | ||
| 27 | # impossible or difficult to exploit. There is currently no upstream patch | ||
| 28 | # available for this flaw. | ||
| 29 | CVE_CHECK_WHITELIST += "CVE-2020-25697" | ||
| 22 | 30 | ||
| 23 | S = "${WORKDIR}/${XORG_PN}-${PV}" | 31 | S = "${WORKDIR}/${XORG_PN}-${PV}" |
| 24 | 32 | ||
