Bug 270540 - x11-servers/xorg-server: CVE-2023-1393
Summary: x11-servers/xorg-server: CVE-2023-1393
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-x11 (Nobody)
URL: https://www.vuxml.org/freebsd/96d8423...
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-03-30 10:46 UTC by Sergiy
Modified: 2023-04-07 07:53 UTC (History)
6 users (show)

See Also:
manu: maintainer-feedback+

Attachments
x11-servers/xorg-server: update to 21.1.8 (1.03 KB, patch)
2023-04-01 11:05 UTC, Dimitry Andric 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergiy 2023-03-30 10:46:50 UTC 
xorg-server-21.1.7 have:
ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
Local Privilege Escalation Vulnerability

https://lists.x.org/archives/xorg/2023-March/061312.html

https://cgit.freedesktop.org/xorg/xserver/commit/?id=26ef545b3502f61ca722a7a3373507e88ef64110

https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3

fixed in version xorg-server 21.1.8
Comment 2 Dimitry Andric freebsd_committer freebsd_triage 2023-04-01 11:05:00 UTC 
Created attachment 241244 [details]
x11-servers/xorg-server: update to 21.1.8
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-04-04 17:36:18 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0449a8492b3bd067d809faf3fdfe30a0f3345247

commit 0449a8492b3bd067d809faf3fdfe30a0f3345247
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-04-01 11:03:49 +0000
Commit:     Dimitry Andric <dim@FreeBSD.org>
CommitDate: 2023-04-04 17:32:59 +0000

    x11-servers/xorg-server: update to 21.1.8

    This fixes:

    * ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window
      Use-After-Free  Local Privilege Escalation Vulnerability

      If a client explicitly destroys the compositor overlay window (aka
      COW), the Xserver would leave a dangling pointer to that window in the
      CompScreen structure, which will trigger a use-after-free later.

    PR:             270540
    Approved by:    x11 (maintainer)
    MFH:            2023Q2
    Security:       96d84238-b500-490b-b6aa-2b77090a0410

 x11-servers/xorg-server/Makefile | 2 +-
 x11-servers/xorg-server/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2023-04-07 07:53:46 UTC 
Confirming the existence of a VuXML entry for CVE-2023-1393: 

<https://www.vuxml.org/freebsd/96d84238-b500-490b-b6aa-2b77090a0410.html>

% git -C /usr/ports log -n 1 --oneline a170acb57f7c3446ef8a8f2eb0dd8e36b3eafa68
a170acb57f7c security/vuxml: mark xorg-server < 21.1.8,1 as vulnerable
% 

<https://cgit.freebsd.org/ports/commit/?id=a170acb57f7c3446ef8a8f2eb0dd8e36b3eafa68>