Opened 13 months ago

Closed 13 months ago

Last modified 9 months ago

#17882 closed enhancement (fixed)

xorg-server-21.1.8

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version. Security update for RCE over SSH forwarding and privilege escalation locally.

Change History (4)

comment:1 by Douglas R. Reno, 13 months ago

Release Notes

This release contains the fix for CVE-2023-1393 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-March/003374.html

Benno Schulenberg (1):
      xkbUtils: use existing symbol names instead of deleted deprecated ones

Olivier Fourdan (2):
      composite: Fix use-after-free of the COW
      xserver 21.1.8 

Security Advisory

X.Org Security Advisory: March 29, 2023

X.Org Server Overlay Window Use-After-Free
==========================================

This issue can lead to local privilege elevation on systems where the X
server is running privileged and remote code execution for ssh X forwarding
sessions.

ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
Local Privilege Escalation Vulnerability

If a client explicitly destroys the compositor overlay window (aka COW),
the Xserver would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.

Patches
-------
A patch for this issue has been committed to the xorg server git repository.
xorg-server 21.1.8 will be released shortly and will include this patch.

- commit 26ef545b3 - composite: Fix use-after-free of the COW
   (https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3)

ZDI-CAN-19866/CVE-2023-1393

If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.
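
The dangling-pointer pattern and the fix described in the commit message above, as an added example that is not part of the ticket or of the X server source. It is a simplified model: every type and function name (`Screen`, `Window`, `window_destroy`, `overlay_check`, `run_scenario`) is hypothetical, and a fixed pool stands in for the heap so the stale pointer can be examined without undefined behaviour.

```c
#include <stddef.h>

/* Simplified model; every name here is hypothetical, not the X server's. */
#define MAX_WINDOWS 4
typedef struct { int in_use; int id; } Window;
typedef struct { Window *overlay; } Screen;   /* cached overlay (COW) pointer */
enum overlay_state { OVERLAY_NONE, OVERLAY_LIVE, OVERLAY_STALE };

/* Fixed pool instead of malloc/free: a stale pointer can be inspected safely. */
static Window pool[MAX_WINDOWS];

static Window *window_alloc(int id)
{
    for (size_t i = 0; i < MAX_WINDOWS; i++)
        if (!pool[i].in_use) {
            pool[i] = (Window){ 1, id };
            return &pool[i];
        }
    return NULL;
}

/* Destroy path reached when a client destroys any window.
 * clear_cached == 0: pre-fix, the cached pointer is left untouched.
 * clear_cached == 1: the fix, clear it if it names the window being destroyed. */
static void window_destroy(Screen *s, Window *w, int clear_cached)
{
    if (clear_cached && s->overlay == w)
        s->overlay = NULL;
    w->in_use = 0;                 /* stands in for free(w) */
}

/* What a later server-side use of the cached overlay pointer would find. */
static enum overlay_state overlay_check(const Screen *s)
{
    if (s->overlay == NULL)
        return OVERLAY_NONE;
    return s->overlay->in_use ? OVERLAY_LIVE : OVERLAY_STALE;
}

/* Client obtains the overlay, then explicitly destroys it. */
enum overlay_state run_scenario(int clear_cached)
{
    Screen s = { NULL };
    for (size_t i = 0; i < MAX_WINDOWS; i++) pool[i].in_use = 0;
    s.overlay = window_alloc(1);
    window_destroy(&s, s.overlay, clear_cached);
    return overlay_check(&s);
}

int main(void) { return run_scenario(1) == OVERLAY_NONE ? 0 : 1; }
```

With `clear_cached` set to 0 the screen structure still references the released window, which is the state the advisory describes; with it set to 1 the later use sees a NULL pointer and can recreate or skip the overlay.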

comment:2 by Douglas R. Reno, 13 months ago

Resolution: fixed
Status: assigned → closed

comment:3 by Douglas R. Reno, 13 months ago

Issued SA-11.3-009

comment:4 by Bruce Dubbs, 9 months ago

Milestone: 11.4 → 12.0

Milestone renamed
