First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 74464
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
linux-2.4.28-CAN-2004-1056.patch 2.4.28 Patch patch Tim Yamin (RETIRED) 2004-12-21 11:05 0000 9.89 KB Details | Diff
linux-2.6.7-CAN-2004-1056.patch 2.6.7 / 2.6.8.1 Patch patch Tim Yamin (RETIRED) 2004-12-21 11:06 0000 6.04 KB Details | Diff
linux-2.6.9-CAN-2004-1056.patch 2.6.9 Patch patch Tim Yamin (RETIRED) 2004-12-21 11:07 0000 8.26 KB Details | Diff
linux-2.4.28-CAN-2004-1056.patch 2.4.28 Patch patch Tim Yamin (RETIRED) 2004-12-23 08:54 0000 10.99 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 74464 depends on: Show dependency tree
Bug 74464 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-12-15 02:51 0000 
CAN-2004-1056:

Thomas Hellstr

------- Comment #1 From Thierry Carrez (RETIRED) 2004-12-15 02:51:47 0000 ------- 
CAN-2004-1056:

Thomas Hellström discovered a Denial of Service vulnerability in the Direct
Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking,
any authorized client could send arbitrary values to the video card, which
could cause an X server crash or modification of the video output.

------- Comment #2 From Donnie Berkholz 2004-12-15 10:22:11 0000 ------- 
Bryan, wanna take a look at this for x11-drm?

------- Comment #3 From Bryan Stine 2004-12-15 23:30:03 0000 ------- 
Fixed in x11-drm 20040827, in patchball 0.2.

------- Comment #4 From Thierry Carrez (RETIRED) 2004-12-16 01:33:01 0000 ------- 
Sorry if this question souds stupid, but... I thought this was a kernel issue,
but in fact it is a x11-base/x11-drm issue ?

------- Comment #5 From Donnie Berkholz 2004-12-16 01:44:34 0000 ------- 
It's like alsa-drivers: both in-kernel and out-of-kernel versions.

------- Comment #6 From Tim Yamin (RETIRED) 2004-12-21 11:05:58 0000 ------- 
Created an attachment (id=46555) [edit]
2.4.28 Patch

------- Comment #7 From Tim Yamin (RETIRED) 2004-12-21 11:06:53 0000 ------- 
Created an attachment (id=46556) [edit]
2.6.7 / 2.6.8.1 Patch

------- Comment #8 From Tim Yamin (RETIRED) 2004-12-21 11:07:13 0000 ------- 
Created an attachment (id=46557) [edit]
2.6.9 Patch

------- Comment #9 From Donnie Berkholz 2004-12-21 11:10:39 0000 ------- 
Bryan, could you please revision bump x11-drm for this? Just adding the patch
to the current ebuild won't fix things for people who already emerged it.

------- Comment #10 From Tim Yamin (RETIRED) 2004-12-23 08:54:58 0000 ------- 
Created an attachment (id=46719) [edit]
2.4.28 Patch

------- Comment #11 From Tim Yamin (RETIRED) 2004-12-24 16:36:44 0000 ------- 
Ok, all patched - the following externally maintained sources still need
patching:

gentoo-dev-sources -- Adding dsd...
grsec-sources -- Adding tocharian...
hppa(-dev)-sources -- Adding GMSoft...
mips-sources -- Adding `Kumba...
openmosix-sources -- Adding cluster herd...
pegasos-dev-sources -- Adding dholm...
rsbac(-dev)-sources -- Adding kang...

------- Comment #12 From Tim Yamin (RETIRED) 2004-12-24 16:43:18 0000 ------- 
Also applies to sparc-sources; adding Joker...

------- Comment #13 From Christian Birchinger 2004-12-24 17:20:15 0000 ------- 
I don't think this Intel 810/830 DRI/DRM stuff works in a sparc.

------- Comment #14 From Christian Birchinger 2004-12-24 19:04:32 0000 ------- 
Not that i think it's needed but other security holes needed a new release
anyway.
Fixed sparc-sources-2.4.28-r3 released.

------- Comment #15 From David Holm (RETIRED) 2004-12-25 05:30:25 0000 ------- 
pegasos-dev-sources fixed, although I don't know of any ppc hardware that use
Intel GPUs

------- Comment #16 From Adam Mondl (RETIRED) 2004-12-25 05:33:49 0000 ------- 
grsec-sources-2.4.28.2.0.2-r3 fixed

------- Comment #17 From Daniel Drake 2004-12-25 17:54:20 0000 ------- 
gentoo-dev-sources done (both 2.6.9 and 2.6.10)

------- Comment #18 From Konstantin Arkhipov 2004-12-27 01:21:25 0000 ------- 
done in oM6-sources

------- Comment #19 From Guy Martin 2004-12-27 06:26:04 0000 ------- 
2.4 is dropped on hppa and I've patched 2.6.10-pa1.

------- Comment #20 From Donnie Berkholz 2005-01-02 12:22:41 0000 ------- 
https://bugs.freedesktop.org/show_bug.cgi?id=1803 is the upstream bug, fyi.

------- Comment #21 From Joshua Kinard 2005-01-05 21:21:25 0000 ------- 
mips-sources fixed.

------- Comment #22 From Guillaume Destuynder (RETIRED) 2005-01-13 16:00:54 0000 ------- 
fixed in rsbac-(dev-)sources

------- Comment #23 From Guillaume Destuynder (RETIRED) 2005-01-21 05:39:23 0000 ------- 
rsbac-sources 2.4 is also fixed in ~x86

------- Comment #24 From Thierry Carrez (RETIRED) 2005-03-16 03:16:24 0000 ------- 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #25 From Tim Yamin (RETIRED) 2005-03-16 06:13:14 0000 ------- 
All fixed, closing bug.

------- Comment #26 From Robert Buchholz 2009-05-03 13:59:46 0000 ------- 
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=e7e4457059cd62ec5b67ab9758229cf4ae9f3035
First Last Prev Next    No search results available      Search page      Enter new bug