diff --git a/backport-CVE-2025-49178.patch b/backport-CVE-2025-49178.patch
new file mode 100644
index 0000000000000000000000000000000000000000..99c382e5b45f09f52f4d0d80c4066a34229d5ab3
--- /dev/null
+++ b/backport-CVE-2025-49178.patch
@@ -0,0 +1,49 @@
+From 7115e1ba5b9b387ffa1f460b8c75beb270fcf6ae Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 2 Jul 2025 22:47:47 +0800
+Subject: [PATCH] fix CVE-2025-49178
+
+os: Account for bytes to ignore when sharing input buffer
+
+
+When reading requests from the clients, the input buffer might be shared
+and used between different clients.
+
+If a given client sends a full request with non-zero bytes to ignore,
+the bytes to ignore may still be non-zero even though the request is
+full, in which case the buffer could be shared with another client who's
+request will not be processed because of those bytes to ignore, leading
+to a possible hang of the other client request.
+
+To avoid the issue, make sure we have zero bytes to ignore left in the
+input request when sharing the input buffer with another client.
+
+CVE-2025-49178
+
+This issue was discovered by Nils Emmerich and
+reported by Julian Suleder via ERNW Vulnerability Disclosure.
+
+Signed-off-by: default avatarOlivier Fourdan
+Reviewed-by: default avatarPeter Hutterer
+Part-of:
+
+---
+ os/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/os/io.c b/os/io.c
+index 939f517..d79cfd9 100644
+--- a/os/io.c
++++ b/os/io.c
+@@ -438,7 +438,7 @@ ReadRequestFromClient(ClientPtr client)
+ */
+
+ gotnow -= needed;
+- if (!gotnow)
++ if (!gotnow && !oci->ignoreBytes)
+ AvailableInput = oc;
+ if (move_header) {
+ if (client->req_len < bytes_to_int32(sizeof(xBigReq) - sizeof(xReq))) {
+--
+2.33.0
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index dc4a2792a50a4ca3ffc03dbb1799f31ad73469e1..750d3f62e65c98e20c8daaad4e108332e575b784 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
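Review bot: The backported patch carries no usable pointer to its upstream origin: the header says `From: rpm-build`, the `Part-of:` trailer is empty, and the `Signed-off-by:`/`Reviewed-by:` lines contain `default avatar` residue, which suggests the message was copied from a rendered web page rather than exported from the upstream commit. For a security backport this makes it hard to confirm that the one-line change to the `AvailableInput = oc;` guard matches the upstream fix byte for byte. I would add a line such as `Reference: <UPSTREAM_COMMIT_URL>` to the patch header and restore clean trailers. The body of ReadRequestFromClient starts and ends outside the inner hunk, so the validity of `oci` at this point cannot be checked from the lines shown.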
@@ -16,7 +16,7 @@ Name: xorg-x11-server Version: 1.20.11 -Release: 36 +Release: 37 Summary: X.Org X11 X server License: MIT and GPLv2 URL: https://www.x.org @@ -137,6 +137,7 @@ Patch6053: backport-CVE-2025-26598.patch Patch6054: backport-CVE-2025-26599.patch Patch6055: backport-CVE-2025-26600.patch Patch6056: backport-CVE-2025-26601.patch +Patch6057: backport-CVE-2025-49178.patch BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc BuildRequires: systemtap-sdt-devel libtool pkgconfig @@ -478,6 +479,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete %{_mandir}/man*/* %changelog +* Web Jul 02 2025 wangqingzheng - 1.20.11-37 +- Fix CVE-2025-49178 + * Tue Apr 22 2025 Funda Wang - 1.20.11-36 - add missing patches regarding CVE-2025-26594, CVE-2025-26599, CVE-2025-26601
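Review bot: The new %changelog entry spells the weekday as `Web`, which is not a valid day abbreviation; rpm parses changelog dates and is likely to reject this with a bad-date error at build time (not verified here). The patch header added in this same commit is dated Wed, 2 Jul 2025, so the line should read `* Wed Jul 02 2025 wangqingzheng - 1.20.11-37`. Separately, whether `Patch6057` is actually applied depends on the %prep section, which is outside these hunks. The previous changelog entry ("add missing patches regarding ...") hints that listed patches have gone unapplied before, so it is worth confirming the fix lands in the built source.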