> Ilja van Sprundel, a security researcher with IOActive, has discovered a
> large number of issues in the way various X client libraries handle the
> responses they receive from servers, and has worked with X.Org's security
> team to analyze, confirm, and fix these issues.
> Most of these issues stem from the client libraries trusting the server to
> send correct protocol data, and not verifying that the values will not
> overflow or cause other damage. Most of the time X clients & servers are run
> by the same user, with the server more privileged than the clients, so this
> is not a problem, but there are scenarios in which a privileged client can be
> connected to an unprivileged server, for instance, connecting a setuid X
> client (such as a screen lock program) to a virtual X server (such as Xvfb or
> Xephyr) which the user has modified to return invalid data, potentially
> allowing the user to escalate their privileges.
*** Bug 4657 has been marked as a duplicate of this bug. ***
X libraries updated in r27641. Mesa hasn't released anything with the fixes yet. We'll wait a bit longer and see if they do. Otherwise we'll have to bundle the patches.
Mesa patched in r28004.
Fixes are included in the following library versions:
libX11 184.108.40.2062 (1.6 RC2) - Not updated, current version 1.5.0
libXcursor 1.1.14 - Updated and used by buildsystem.
libXext 1.3.2 - Updated and used by buildsystem.
libXfixes 5.0.1 - Updated and used by buildsystem.
libXi 220.127.116.111 (1.6.3 RC1) - Updated and used by buildsystem (version 1.7.2).
libXinerama 1.1.3 - Updated and used by buildsystem.
libXp 1.0.2 - Not used by ThinLinc
libXrandr 1.4.1 - Updated and used by buildsystem.
libXrender 0.9.8 - Updated and used by buildsystem.
libXRes 1.0.7 - Not used by ThinLinc
libXtst 1.2.2 - Updated and used by buildsystem.
libXv 1.0.8 - Not used by ThinLinc
libXvMC 1.0.8 - Not used by ThinLinc
libXxf86dga 1.1.4 - Not used by ThinLinc
libXxf86vm 1.1.3 - Updated and used by buildsystem.
libdmx 1.1.3 - Not used by ThinLinc
libxcb 1.9.1 - Updated and used by buildsystem.
libFS 1.0.5 - Not used by ThinLinc
libXt 1.1.4 - Not used by ThinLinc
libX11 upgraded in r28029.
(In reply to comment #6)
> libX11 upgraded in r28029.
Verified that libX11 is upgraded to version 1.6.2, and that the build system is now updated and using the latest version.
(In reply to comment #3)
> Mesa patched in r28004.
Verified that the package release version is updated in line with the new patches that are applied. Also verified that the build system is using the new version 9.1.1-2.
These bugs should not cause any issues in a typical ThinLinc deployment.