Bug 104098 - x11-base/xorg-x11 More X stuff (Vendor-Sec)
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: CLASSIFIED
Reported: 2005-08-28 22:30 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-01-09 20:34 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-28 22:30:16 UTC
-------- Forwarded Message -------- 
> From: Matthieu Herrb <matthieu.herrb@laas.fr>
> Reply-To: Discuss issues related to the xorg tree
> <xorg@lists.freedesktop.org>
> To: Discuss issues related to the xorg tree
> <xorg@lists.freedesktop.org>
> Subject: Re: Updated 6.9/7.0 schedule and release plan
> Date: Sat, 27 Aug 2005 22:06:40 +0200
>  
> Kevin E Martin wrote: 
> > Note that RC1 is intended to be a full release candidate, which means it 
> > is something that we would consider putting into production.  After RC1, 
> > we will only be working on bug fixes for both the monolithic and modular 
> > trees.  In order to reach that point, we need to complete the following: 
> >  
> >  - Modularization work complete 
> >  - EXA drivers to be supported in initial release complete 
> >  - Fix as many bugs as possible 
>  
> The new malloc in OpenBSD has exposed 4 or 5 bugs in the existing code  
> (they were found in 6.8.2, but all are still present in the cvs HEAD  
> branch). They are mostly of 2 kinds: one byte read overflow at the end  
> of a pixmap or a similar structure and access to memory that was
> free()d. Even if other systems are not hurt as badly as OpenBSD 3.8 will
> by these bugs, it would be good to have a fix for them.
>
> These are bugzilla #3822, 4168, 4243 and 4247, plus one that was found
> more recently by Mark Kettenis but that he did not yet enter into bugzilla.
>  
> >  - Supported platforms building and running 
> >  - Test infrastructure in place 
> >  - Tinderboxes running on supported platforms 
> >  
> > We will update this list and break it down in detail on the release plan 
> > page as needed. 
> >  
> > In order to determine which platforms will be supported in the initial 
> > modular release, we would like to hear from everyone who is in the 
> > process of adding support for their platform and/or plans to have their 
> > platform building and running before RC1 is created (i.e., in the next 
> > few weeks).  Currently, we know of: 
> >  
> >  - Linux (x86, amd64, ia64, ppc, sparc) 
> >  - Solaris (x86, amd64, sparc) 
> >  
> > Please add your name and OS/arch to the list above if you will have your 
> > platform supported in RC1. 
>  
> I'm working on getting OpenBSD (x86 and amd64 for now, sparc64 and alpha  
> if time permits) working. Unfortunately the current schedule interferes
> with other issues I've to deal with and I can't make promises that the
> modularized tree will support those in time. I prefer to focus on the
> monolithic tree, which is easier to me, especially wrt existing bugs.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-29 22:24:18 UTC
More info from Red Hat: 
 
I asked our X developers to take a look at these, they said that these 
issues are illegal memory reads, which should not allow privilege 
escalation. 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-09-07 07:16:30 UTC
So these would be Local DoS? Or even just DoS-myself?
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-13 04:32:54 UTC
Local users can bring down X. Woohoo. Let the fix filter from upstream normal
releases...