commit | ccdd431cd8f1cabae9d744f0514b6533c438908c | [log] [tgz] |
---|---|---|
author | Peter Hutterer <peter.hutterer@who-t.net> | Mon Dec 05 05:55:54 2022 |
committer | Peter Hutterer <peter.hutterer@who-t.net> | Wed Dec 14 01:02:40 2022 |
tree | 8a3b0cfff90573f80321a510c11c76fb71cb9978 | |
parent | 8f454b793e1f13c99872c15f0eed1d7f3b823fe8 [diff] |
xkb: reset the radio_groups pointer to NULL after freeing it Unlike other elements of the keymap, this pointer was freed but not reset. On a subsequent XkbGetKbdByName request, the server may access already freed memory. CVE-2022-4283, ZDI-CAN-19530 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com>
The X server accepts requests from client applications to create windows, which are (normally rectangular) “virtual screens” that the client program can draw into.
Windows are then composed on the actual screen by the X server (or by a separate composite manager) as directed by the window manager, which usually communicates with the user via graphical controls such as buttons and draggable titlebars and borders.
For a comprehensive overview of X Server and X Window System, consult the following article: https://en.wikipedia.org/wiki/X_server
All questions regarding this software should be directed at the Xorg mailing list:
https://lists.freedesktop.org/mailman/listinfo/xorg
The primary development code repository can be found at:
https://gitlab.freedesktop.org/xorg/xserver
For patch submission instructions, see:
https://www.x.org/wiki/Development/Documentation/SubmittingPatches
As with other projects hosted on freedesktop.org, X.Org follows its Code of Conduct, based on the Contributor Covenant. Please conduct yourself in a respectful and civilized manner when using the above mailing lists, bug trackers, etc: