Avoid use-after-free in _XimProtoSetIMValues()

Bug #1820509 reported by Matthias Dieter Wallnöfer
This bug affects 1 person
Affects: libx11 (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

I think that the patch https://gitlab.freedesktop.org/xorg/lib/libx11/commit/003e30a66a249f5c70b30d1c187385124cd4cdad (issue: https://gitlab.freedesktop.org/xorg/lib/libx11/issues/49) should be backported to both Ubuntu 16.04 LTS Xenial and Ubuntu 18.04 LTS Bionic.

Although it didn't get an explicit CVE, use-after-free scenarios should not be underestimated.

Sebastien Bacher (seb128) wrote :

Thank you for your bug report. That seems indeed worth fixing; it's a bit difficult to know how sensitive the problem is without details, though. Could you provide a bit more context on the bug, maybe a way to trigger it?

Changed in libx11 (Ubuntu):
importance: Undecided → High
Matthias Dieter Wallnöfer (mwallnoefer) wrote :

Unfortunately, I just stumbled over this commit by accident since I checked the commit log of libX11. So for a reproduction we would need to contact the original reporter Sami Farin (https://bugs.freedesktop.org/show_bug.cgi?id=93186), but I cannot find any valid email address for him.

Matthias Dieter Wallnöfer (mwallnoefer) wrote :

Any news on this?

Timo Aaltonen (tjaalton) wrote :

This is fixed in 1.6.8-1 in eoan.

An SRU can be considered if there's a use case which benefits from it, but it sounds like there is none.

Changed in libx11 (Ubuntu):
status: New → Fix Released