Contributed by jj on from the x-window-of-opportunity dept.
Patches are now available to fix an information leak in the XkbSetGeometry request of X servers. For more information, see the X.org advisory.
We experienced a slight delay getting patches out, as you can see from the date in the patch. This is a comparatively minor issue so we didn't rush things until correctly signed patches were available.
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/021_xserver.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/016_xserver.patch.sig
untrusted comment: signature from openbsd 5.6 base private key RWR0EANmo9nqholgu2GQCCaaJuP9HvfU/V5+SgCtPaxbMZfHJRNbbCXzdsIWAL0Dfr9kMeNbiOs21lUgA4Ej3AFsptAdQsB9JQk=
OpenBSD 5.6 errata 16, February 20, 2015:
Information leak in the XkbSetGeometry request of X servers
Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request.
Apply patch using:
signify -Vep /etc/signify/openbsd-56-base.pub -x 016_xserver.patch.sig \ -m - | (cd /usr/xenocara && patch -p0)Then build and install a new xserver:
cd /usr/xenocara/xserver make -f Makefile.bsd-wrapper obj make -f Makefile.bsd-wrapper build
(Comments are closed)