-
Notifications
You must be signed in to change notification settings - Fork 546
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-python3-CVE-fix
- Loading branch information
Showing
4 changed files
with
112 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| index 2a06f42..506ee29 100644 | ||
| --- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| +++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c | ||
| @@ -3980,14 +3980,22 @@ check_wasi_abi_compatibility(const WASMModule *module, | ||
| /* clang-format on */ | ||
|
|
||
| WASMExport *initialize = NULL, *memory = NULL, *start = NULL; | ||
| + uint32 import_function_count = module->import_function_count; | ||
| + WASMType *func_type; | ||
|
|
||
| /* (func (export "_start") (...) */ | ||
| start = wasm_loader_find_export(module, "", "_start", EXPORT_KIND_FUNC, | ||
| error_buf, error_buf_size); | ||
| if (start) { | ||
| - WASMType *func_type = | ||
| - module->functions[start->index - module->import_function_count] | ||
| - ->func_type; | ||
| + if (start->index < import_function_count) { | ||
| + set_error_buf( | ||
| + error_buf, error_buf_size, | ||
| + "the builtin _start function can not be an import function"); | ||
| + return false; | ||
| + } | ||
| + | ||
| + func_type = | ||
| + module->functions[start->index - import_function_count]->func_type; | ||
| if (func_type->param_count || func_type->result_count) { | ||
| set_error_buf(error_buf, error_buf_size, | ||
| "the signature of builtin _start function is wrong"); | ||
| @@ -3999,8 +4007,15 @@ check_wasi_abi_compatibility(const WASMModule *module, | ||
| initialize = wasm_loader_find_export( | ||
| module, "", "_initialize", EXPORT_KIND_FUNC, error_buf, error_buf_size); | ||
| if (initialize) { | ||
| - WASMType *func_type = | ||
| - module->functions[initialize->index - module->import_function_count] | ||
| + if (initialize->index < import_function_count) { | ||
| + set_error_buf(error_buf, error_buf_size, | ||
| + "the builtin _initialize function can not be an " | ||
| + "import function"); | ||
| + return false; | ||
| + } | ||
| + | ||
| + func_type = | ||
| + module->functions[initialize->index - import_function_count] | ||
| ->func_type; | ||
| if (func_type->param_count || func_type->result_count) { | ||
| set_error_buf( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX | ||
| Name: fluent-bit | ||
| Version: 2.2.3 | ||
| Release: 4%{?dist} | ||
| Release: 5%{?dist} | ||
| License: Apache-2.0 | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -12,6 +12,7 @@ Patch1: in_emitter_fix_issue_8198.patch | |
| Patch2: fix_issue_8025.patch | ||
| Patch3: CVE-2024-26455.patch | ||
| Patch4: CVE-2024-25629.patch | ||
| Patch5: CVE-2024-25431.patch | ||
| BuildRequires: bison | ||
| BuildRequires: cmake | ||
| BuildRequires: cyrus-sasl-devel | ||
|
|
@@ -85,6 +86,9 @@ Development files for %{name} | |
| %{_libdir}/fluent-bit/*.so | ||
|
|
||
| %changelog | ||
| * Fri Nov 15 2024 Ankita Pareek <[email protected]> - 2.2.3-5 | ||
| - Address CVE-2024-25431 | ||
|
|
||
| * Tue Oct 15 2024 Chris Gunn <[email protected]> - 2.2.3-4 | ||
| - CVE-2024-26455 | ||
| - CVE-2024-25629 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| From 85b776571487f52e756f68a069c768757369bfe3 Mon Sep 17 00:00:00 2001 | ||
| From: Matthieu Herrb <[email protected]> | ||
| Date: Thu, 10 Oct 2024 10:37:28 +0200 | ||
| Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap() | ||
| MIME-Version: 1.0 | ||
| Content-Type: text/plain; charset=UTF-8 | ||
| Content-Transfer-Encoding: 8bit | ||
|
|
||
| The _XkbSetCompatMap() function attempts to resize the `sym_interpret` | ||
| buffer. | ||
|
|
||
| However, It didn't update its size properly. It updated `num_si` only, | ||
| without updating `size_si`. | ||
|
|
||
| This may lead to local privilege escalation if the server is run as root | ||
| or remote code execution (e.g. x11 over ssh). | ||
|
|
||
| CVE-2024-9632, ZDI-CAN-24756 | ||
|
|
||
| This vulnerability was discovered by: | ||
| Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | ||
|
|
||
| Reviewed-by: Peter Hutterer <[email protected]> | ||
| Tested-by: Peter Hutterer <[email protected]> | ||
| Reviewed-by: José Expósito <[email protected]> | ||
| Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1733> | ||
| --- | ||
| xkb/xkb.c | 8 ++++---- | ||
| 1 file changed, 4 insertions(+), 4 deletions(-) | ||
|
|
||
| diff --git a/xkb/xkb.c b/xkb/xkb.c | ||
| index 868d7c1e64..aaf9716b36 100644 | ||
| --- a/xkb/xkb.c | ||
| +++ b/xkb/xkb.c | ||
| @@ -2990,13 +2990,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev, | ||
| XkbSymInterpretPtr sym; | ||
| unsigned int skipped = 0; | ||
|
|
||
| - if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) { | ||
| - compat->num_si = req->firstSI + req->nSI; | ||
| + if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) { | ||
| + compat->num_si = compat->size_si = req->firstSI + req->nSI; | ||
| compat->sym_interpret = reallocarray(compat->sym_interpret, | ||
| - compat->num_si, | ||
| + compat->size_si, | ||
| sizeof(XkbSymInterpretRec)); | ||
| if (!compat->sym_interpret) { | ||
| - compat->num_si = 0; | ||
| + compat->num_si = compat->size_si = 0; | ||
| return BadAlloc; | ||
| } | ||
| } | ||
| -- | ||
| GitLab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,7 +21,7 @@ | |
| Summary: X.Org X11 X server | ||
| Name: xorg-x11-server | ||
| Version: 1.20.10 | ||
| Release: 12%{?dist} | ||
| Release: 13%{?dist} | ||
| License: MIT | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -69,6 +69,7 @@ Patch19: Avoid_possible_double-free_in_ProcRenderAddGlyphs.patch | |
| Patch20: CVE-2024-0229.patch | ||
| Patch21: CVE-2024-0409.patch | ||
| Patch22: CVE-2024-21886.patch | ||
| Patch23: CVE-2024-9632.patch | ||
|
|
||
| # Backported Xwayland randr resolution change emulation support | ||
| Patch501: 0001-dix-Add-GetCurrentClient-helper.patch | ||
|
|
@@ -399,6 +400,9 @@ find %{buildroot} -type f -name "*.la" -delete -print | |
| %{_datadir}/aclocal/xorg-server.m4 | ||
|
|
||
| %changelog | ||
| * Thu Nov 14 2024 Suresh Babu Chalamalasetty <[email protected]> - 1.20.10-13 | ||
| - Fix for CVE-2024-9632 | ||
|
|
||
| * Tue Sep 17 2024 Sumedh Sharma <[email protected]> - 1.20.10-12 | ||
| - Add patch to resolve CVE-2024-0229, CVE-2024-0409 & CVE-2024-21886. | ||
|
|
||
|
|
||