X.Org Foundation Official Security Advisory: All X Window System Releases Through X11R6.8.2 - 12 September 2005

Leon Shiman leon at magic.shiman.com
Mon Sep 19 04:23:02 PDT 2005


              X.Org Foundation SECURITY ADVISORY
	      ==================================

Brookline MA, September 12, 2005 - X.Org has been made aware of a
possible security vulnerability in the XCreatePixmap function of
the X Server, which is shipped as part of the X Window System. 
The affected code is used to create and reserve memory for a
new pixmap in the X Server.


Because the pixel size of the pixmap is not range-checked, subsequent
pixmap read and write functions can access memory outside the allocated
pixmap. The faulty code is reachable by any X client that can connect
to the affected X server, so any user with access to the server can read
or write memory accessible to the X server process and/or crash the
server.
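
To make the failure mode concrete, the following C program is an added
illustration and is not X.Org server code; the function names, the
bounds and the sample dimensions are constructed for this example. It
computes the byte size of a width x height pixmap at a given
bits-per-pixel in 32-bit arithmetic, the way an implementation without
a range check might, and beside it a version that validates the
dimensions, computes in 64 bits and refuses oversized requests before
any memory is reserved.

```c
#include <stdint.h>
#include <stddef.h>
#include <inttypes.h>
#include <stdio.h>

/* Bounds chosen for this illustration (assumed, not taken from the X
 * server): the CreatePixmap request carries width and height as 16-bit
 * values in the X protocol, and a cap on the total allocation keeps one
 * client from reserving arbitrary amounts of server memory. */
#define MAX_PIXMAP_DIM   65535u
#define MAX_PIXMAP_BYTES (256u * 1024u * 1024u)

/* The pattern the advisory describes: no range check on the pixel size.
 * stride and total are computed in 32-bit unsigned arithmetic, so for
 * large dimensions the product wraps and a huge pixmap ends up backed
 * by a small (or zero-length) buffer; later reads and writes addressed
 * by pixmap coordinates then fall outside the allocation. */
static uint32_t pixmap_bytes_unchecked(uint32_t width, uint32_t height,
                                       uint32_t bits_per_pixel)
{
    uint32_t stride = (width * bits_per_pixel + 7) / 8; /* bytes per row */
    return stride * height;                             /* may wrap to 0 */
}

/* Checked version: reject out-of-range inputs, do the arithmetic in a
 * type wide enough that it cannot wrap, and refuse sizes over the cap.
 * Returns the byte count on success and 0 on rejection (a valid pixmap
 * never has size 0); the server would then fail the request instead of
 * creating the pixmap. */
static size_t pixmap_bytes_checked(uint32_t width, uint32_t height,
                                   uint32_t bits_per_pixel)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > MAX_PIXMAP_DIM || height > MAX_PIXMAP_DIM)
        return 0;
    if (bits_per_pixel == 0 || bits_per_pixel > 32)
        return 0;

    /* With the bounds above, width*bpp < 2^22 and stride*height < 2^38,
     * so these 64-bit products cannot overflow. */
    uint64_t stride = ((uint64_t)width * bits_per_pixel + 7) / 8;
    uint64_t total  = stride * height;

    if (total > MAX_PIXMAP_BYTES)
        return 0;
    return (size_t)total;
}

int main(void)
{
    /* Constructed sample request: a 32768 x 32768 pixmap at 32 bpp.
     * Both dimensions fit the protocol's 16-bit fields, but the byte
     * count is exactly 2^32, which wraps to 0 in 32-bit arithmetic. */
    uint32_t w = 32768, h = 32768, bpp = 32;
    size_t n;

    printf("unchecked: %" PRIu32 " bytes for %" PRIu32 "x%" PRIu32 "@%" PRIu32 "\n",
           pixmap_bytes_unchecked(w, h, bpp), w, h, bpp);

    n = pixmap_bytes_checked(w, h, bpp);
    if (n)
        printf("checked:   %zu bytes\n", n);
    else
        printf("checked:   request rejected\n");

    /* An ordinary request is accepted by both paths with the same size. */
    printf("640x480@32: unchecked %" PRIu32 ", checked %zu\n",
           pixmap_bytes_unchecked(640, 480, 32),
           pixmap_bytes_checked(640, 480, 32));
    return 0;
}
```

The point of the checked path is that the decision to allocate is taken
on a value that cannot have wrapped: every multiplication is bounded
before it happens, and a request the server cannot honour is refused
rather than silently given a smaller buffer than its coordinates imply.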

The CVE number for this vulnerability is CAN-2005-2495.
Please check also:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495

X.Org has tracked this issue in:
  https://bugs.freedesktop.org/show_bug.cgi?id=594

This vulnerability affects all known versions and releases of the
X Window System, whether from X.Org or from other vendors.

Therefore users are strongly recommended to upgrade.


A fix is available under:
  http://www.x.org/pub/X11R6.8.2/patches/xorg-CAN-2005-2495.patch

All future versions of X.Org will have this security vulnerability fixed.
Vendors shipping releases of the X Window System have been informed and 
will provide updates for their software.

The X.Org Foundation would like to thank Luke Hutchinson for identifying
the vulnerability, as well as Soeren Sandmann for investigating the issue
and providing a patch.



			---------------

For questions, contact: Leon Shiman, Secretary, The XOrg Foundation, at:

Shiman Associates Inc
(00)1.617.277.0087
leon at shiman.com
