X.Org security advisory: multiple vulnerabilities in the X server

Matthias Hopf mhopf at suse.de
Mon Jan 21 07:26:03 PST 2008


On Jan 21, 08 11:08:32 +0100, Matthieu Herrb wrote:
> | X.Org security advisory, January 17th, 2008
> | Multiple vulnerabilities in the X server
> | CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
> |          CVE-2007-6429, CVE-2008-0006
> |
> | Overview
> |
> | Several vulnerabilities have been identified in server code of the X
> | window system caused by lack of proper input validation on user
> | controlled data in various parts of the software, causing various
> | kinds of overflows.
> |
> 
> Update: The patch for the MIT-SHM vulnerability (CVE-2007-6429)
> introduced a regression for applications that allocate pixmaps with a
> less than 8 bits depth. New patches are available for xserver 1.2 and
> xserver 1.4:
> 
> ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff
> 
> ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff

I also suggest taking git commit
be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161 into account (patch attached),
because the updated patch didn't test for size+offset overflow in the
<= 8bpp case.

CU

Matthias

-- 
Matthias Hopf <mhopf at suse.de>      __        __   __
Maxfeldstr. 5 / 90409 Nuernberg   (_   | |  (_   |__          mat at mshopf.de
Phone +49-911-74053-715           __)  |_|  __)  |__  R & D   www.mshopf.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve.diff
Type: text/x-patch
Size: 1016 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20080121/fbee8bde/attachment.bin>
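Added illustration of the size+offset check discussed above (not the attached patch and not X.Org's own code): a validation routine for a shared-memory pixmap request that rejects any width/height/depth/offset combination whose scanline, total size or offset+size would wrap, including the sub-8bpp depths the earlier patch mishandled. The 32-bit scanline padding rule, the parameter names and the segment-size argument are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed example: bytes per scanline for `width` pixels at `depth`
 * bits per pixel, padded to a 32-bit boundary (padding rule assumed).
 * Works for 1, 4 and 8 bpp as well as 16/24/32 bpp because the product is
 * computed in 64 bits and then checked against size_t. */
static bool shm_stride(uint32_t width, uint32_t depth, size_t *stride)
{
    if (width == 0 || depth == 0 || depth > 32)
        return false;
    uint64_t bits  = (uint64_t)width * depth;       /* cannot wrap in 64 bits */
    uint64_t bytes = ((bits + 31) / 32) * 4;        /* pad to 32-bit units   */
    if (bytes > (uint64_t)SIZE_MAX)                 /* matters on 32-bit hosts */
        return false;
    *stride = (size_t)bytes;
    return true;
}

/* Returns true only if the pixmap [offset, offset+size) lies entirely inside
 * a shared segment of `segsize` bytes and no intermediate value wrapped. */
bool shm_pixmap_fits(uint32_t width, uint32_t height, uint32_t depth,
                     size_t offset, size_t segsize)
{
    size_t stride;
    if (!shm_stride(width, depth, &stride) || height == 0)
        return false;
    /* size = stride * height, guarded against multiplication wrap-around */
    if (stride > SIZE_MAX / height)
        return false;
    size_t size = stride * height;
    /* offset + size must not wrap before it is compared with the segment */
    if (offset > SIZE_MAX - size)
        return false;
    return offset + size <= segsize;
}
```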