| Summary: | x11-server new security issue CVE-2021-3472 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, fri, guillaume.royer, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK MGA7-32-OK MGA8-32-OK | ||
| Source RPM: | x11-server | CVE: | CVE-2021-3472 |
| Status comment: | |||
|
Description
Thomas Backlund
2021-04-13 18:20:30 CEST

Thomas Backlund
2021-04-13 18:20:49 CEST

Whiteboard: (none) => MGA7TOO

xorg-server-1.20.11:
https://lists.freedesktop.org/archives/xorg/2021-April/060678.html

xwayland-21.1.1:
https://lists.freedesktop.org/archives/xorg/2021-April/060679.html

This obviously is for Cauldron too

Whiteboard: MGA7TOO => MGA7TOO, MGA8TOO

Cauldron fixed.

Whiteboard: MGA7TOO, MGA8TOO => MGA7TOO

Mga8 rpms:

SRPM:
x11-server-1.20.11-1.mga8.src.rpm

i586:
x11-server-1.20.11-1.mga8.i586.rpm
x11-server-common-1.20.11-1.mga8.i586.rpm
x11-server-devel-1.20.11-1.mga8.i586.rpm
x11-server-source-1.20.11-1.mga8.noarch.rpm
x11-server-xdmx-1.20.11-1.mga8.i586.rpm
x11-server-xephyr-1.20.11-1.mga8.i586.rpm
x11-server-xnest-1.20.11-1.mga8.i586.rpm
x11-server-xorg-1.20.11-1.mga8.i586.rpm
x11-server-xvfb-1.20.11-1.mga8.i586.rpm
x11-server-xwayland-1.20.11-1.mga8.i586.rpm

x86_64:
x11-server-1.20.11-1.mga8.x86_64.rpm
x11-server-common-1.20.11-1.mga8.x86_64.rpm
x11-server-devel-1.20.11-1.mga8.x86_64.rpm
x11-server-source-1.20.11-1.mga8.noarch.rpm
x11-server-xdmx-1.20.11-1.mga8.x86_64.rpm
x11-server-xephyr-1.20.11-1.mga8.x86_64.rpm
x11-server-xnest-1.20.11-1.mga8.x86_64.rpm
x11-server-xorg-1.20.11-1.mga8.x86_64.rpm
x11-server-xvfb-1.20.11-1.mga8.x86_64.rpm
x11-server-xwayland-1.20.11-1.mga8.x86_64.rpm

Mga7 rpms:

SRPM:
x11-server-1.20.11-1.mga7.src.rpm

i586:
x11-server-1.20.11-1.mga7.i586.rpm
x11-server-common-1.20.11-1.mga7.i586.rpm
x11-server-devel-1.20.11-1.mga7.i586.rpm
x11-server-source-1.20.11-1.mga7.noarch.rpm
x11-server-xdmx-1.20.11-1.mga7.i586.rpm
x11-server-xephyr-1.20.11-1.mga7.i586.rpm
x11-server-xnest-1.20.11-1.mga7.i586.rpm
x11-server-xorg-1.20.11-1.mga7.i586.rpm
x11-server-xvfb-1.20.11-1.mga7.i586.rpm
x11-server-xwayland-1.20.11-1.mga7.i586.rpm

x86_64:
x11-server-1.20.11-1.mga7.x86_64.rpm
x11-server-common-1.20.11-1.mga7.x86_64.rpm
x11-server-devel-1.20.11-1.mga7.x86_64.rpm
x11-server-source-1.20.11-1.mga7.noarch.rpm
x11-server-xdmx-1.20.11-1.mga7.x86_64.rpm
x11-server-xephyr-1.20.11-1.mga7.x86_64.rpm
x11-server-xnest-1.20.11-1.mga7.x86_64.rpm
x11-server-xorg-1.20.11-1.mga7.x86_64.rpm
x11-server-xvfb-1.20.11-1.mga7.x86_64.rpm
x11-server-xwayland-1.20.11-1.mga7.x86_64.rpm

mga8 64 bit with Plasma, not wayland.
nvidia-current; GeForce 635 series and later
Kernel 5.10.27-desktop-1.mga8
No issues noted.

Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, GPU: Nvidia GM107 [GeForce GTX 750], 4k display on DisplayPort.

CC: (none) => fri

MGA 7 VM with Nvidia 520M driver 390 and Kernel 5.10.27 updated with QA repo and:
x11-server-common-1.20.11-1.mga7.x86_64
x11-server-xorg-1.20.11-1.mga7.x86_64
x11-server-xwayland-1.20.11-1.mga7.x86_64
No issues at installation and after reboot. OK

MGA 8 VM LXQt with Nvidia 520M driver 390 and Kernel 5.10.27 updated with QA repo and:
x11-server-common-1.20.11-1.mga8.x86_64
x11-server-xorg-1.20.11-1.mga8.x86_64
x11-server-xwayland-1.20.11-1.mga8.x86_64
No issues at installation and after reboot.

MGA 8 Xfce with Nvidia 520M driver 390 Optimus Technology and Kernel 5.10.27 updated with QA repo and:
x11-server-common-1.20.11-1.mga8.x86_64
x11-server-xorg-1.20.11-1.mga8.x86_64
x11-server-xwayland-1.20.11-1.mga8.x86_64
No issues at installation and after reboot. Switching with Mageia Prime OK

CC: (none) => guillaume.royer

MGA 8 Plasma, Nvidia GeForce GTX 1660 Ti, nvidia-current 460-67-1 version.
X11 session is OK. 3D is OK. No issues.
Note x11-server-xephyr-1.20.11-1.mga8.x86_64.rpm is also OK.
XWayland under Plasma wayland session too. Firefox is able to launch, same for drakconf.

MGA 7 and 8 Plasma, Nvidia GeForce GTX 670, nvidia-current 460-67-1 version.
Same OK on both systems.

MGA 8 Plasma and Gnome on Intel 630 integrated GPU.
This is OK. 3D is OK. XWayland is OK too.

CC: (none) => ouaurelien

Advisory:
========================

The updated x11-server packages fix security vulnerability:

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://lists.freedesktop.org/archives/xorg/2021-April/060678.html
https://lists.freedesktop.org/archives/xorg/2021-April/060679.html
========================

Updated packages in 8/core/updates_testing:
========================
i586:
x11-server-1.20.11-1.mga8.i586.rpm
x11-server-common-1.20.11-1.mga8.i586.rpm
x11-server-devel-1.20.11-1.mga8.i586.rpm
x11-server-source-1.20.11-1.mga8.noarch.rpm
x11-server-xdmx-1.20.11-1.mga8.i586.rpm
x11-server-xephyr-1.20.11-1.mga8.i586.rpm
x11-server-xnest-1.20.11-1.mga8.i586.rpm
x11-server-xorg-1.20.11-1.mga8.i586.rpm
x11-server-xvfb-1.20.11-1.mga8.i586.rpm
x11-server-xwayland-1.20.11-1.mga8.i586.rpm

x86_64:
x11-server-1.20.11-1.mga8.x86_64.rpm
x11-server-common-1.20.11-1.mga8.x86_64.rpm
x11-server-devel-1.20.11-1.mga8.x86_64.rpm
x11-server-source-1.20.11-1.mga8.noarch.rpm
x11-server-xdmx-1.20.11-1.mga8.x86_64.rpm
x11-server-xephyr-1.20.11-1.mga8.x86_64.rpm
x11-server-xnest-1.20.11-1.mga8.x86_64.rpm
x11-server-xorg-1.20.11-1.mga8.x86_64.rpm
x11-server-xvfb-1.20.11-1.mga8.x86_64.rpm
x11-server-xwayland-1.20.11-1.mga8.x86_64.rpm

from SRPM:
x11-server-1.20.11-1.mga8.src.rpm

Updated packages in 7/core/updates_testing:
========================
i586:
x11-server-1.20.11-1.mga7.i586.rpm
x11-server-common-1.20.11-1.mga7.i586.rpm
x11-server-devel-1.20.11-1.mga7.i586.rpm
x11-server-source-1.20.11-1.mga7.noarch.rpm
x11-server-xdmx-1.20.11-1.mga7.i586.rpm
x11-server-xephyr-1.20.11-1.mga7.i586.rpm
x11-server-xnest-1.20.11-1.mga7.i586.rpm
x11-server-xorg-1.20.11-1.mga7.i586.rpm
x11-server-xvfb-1.20.11-1.mga7.i586.rpm
x11-server-xwayland-1.20.11-1.mga7.i586.rpm

x86_64:
x11-server-1.20.11-1.mga7.x86_64.rpm
x11-server-common-1.20.11-1.mga7.x86_64.rpm
x11-server-devel-1.20.11-1.mga7.x86_64.rpm
x11-server-source-1.20.11-1.mga7.noarch.rpm
x11-server-xdmx-1.20.11-1.mga7.x86_64.rpm
x11-server-xephyr-1.20.11-1.mga7.x86_64.rpm
x11-server-xnest-1.20.11-1.mga7.x86_64.rpm
x11-server-xorg-1.20.11-1.mga7.x86_64.rpm
x11-server-xvfb-1.20.11-1.mga7.x86_64.rpm
x11-server-xwayland-1.20.11-1.mga7.x86_64.rpm

from SRPM:
x11-server-1.20.11-1.mga7.src.rpm

Advisory committed.

Keywords: (none) => advisory

Oops, missing text.

Advisory:
========================

The updated x11-server packages fix security vulnerability:

Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. (CVE-2021-3472). These issues can lead to privilege escalation for authorized clients on systems where the X server is running privileged.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
https://lists.freedesktop.org/archives/xorg/2021-April/060678.html
https://lists.freedesktop.org/archives/xorg/2021-April/060679.html
========================

Updated packages in 8/core/updates_testing: unchanged.

Dell Inspiron 5100, P4, Mobility Radeon 7500 (RV200) graphics, 32-bit Xfce systems, MGA7 and MGA8.

Updated both systems in turn using qarepo. No installation issues. Did a reboot because it seemed like the thing to do, no issues noted on either install.

Giving a 32-bit OK for both. Validating.

Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK MGA7-32-OK MGA8-32-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0190.html

Status: NEW => RESOLVED

Debian has issued an advisory for this on April 19:
https://www.debian.org/security/2021/dsa-4893 |
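
To confirm that a host has received the update tracked in this report, the installed x11-server packages can be compared against the fixed build 1.20.11-1. The script below is an added example and not part of the bug report; the function names are hypothetical, the package list is a constructed sample, and `sort -V` stands in as an approximation of rpm's own version comparison.

```sh
#!/bin/sh
# Added example: flag x11-server packages older than the fixed build.
FIXED="1.20.11-1"   # version-release of the update named on this page

# Constructed sample of `rpm -qa 'x11-server*'` output (not from a real host).
SAMPLE='x11-server-common-1.20.10-7.mga8.x86_64
x11-server-xorg-1.20.11-1.mga8.x86_64
x11-server-xwayland-1.20.9-3.mga7.x86_64
x11-server-xephyr-1.20.11-1.mga7.i586'

# older_than_fixed VERSION-RELEASE
# Succeeds when the argument sorts strictly before $FIXED. `sort -V` is an
# approximation of rpm's version comparison (assumption of this example).
older_than_fixed() {
    [ "$1" = "$FIXED" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# unpatched_packages
# Reads name-version-release.arch lines on stdin and prints the x11-server
# ones whose version-release is older than $FIXED.
unpatched_packages() {
    while IFS= read -r nvra; do
        case "$nvra" in
            x11-server*) ;;
            *) continue ;;
        esac
        nvr=${nvra%.*}            # drop .arch
        release=${nvr##*-}        # e.g. 1.mga8
        rest=${nvr%-*}            # name-version
        version=${rest##*-}       # e.g. 1.20.11
        release=${release%.mga*}  # drop the Mageia dist tag
        if older_than_fixed "$version-$release"; then
            printf '%s\n' "$nvra"
        fi
    done
    return 0
}

# Run over the constructed sample; prints the two outdated packages.
printf '%s\n' "$SAMPLE" | unpatched_packages
```

On a real system the same function can be fed with `rpm -qa 'x11-server*' | unpatched_packages`; empty output means every installed x11-server package is at or above the fixed build.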