| Summary: | x11-base/xorg-x11 mis-computation of buffer size (CVE-2006-1526) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | corsair, dberkholz, dertobi123, ferdy, fmccor, gustavoz, halcy0n, killerfox, tcort |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lists.freedesktop.org/archives/xorg/2006-May/015136.html | | |
| Whiteboard: | A1 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | | | |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-04-23 09:19:22 UTC
Created attachment 85279 [details, diff]
xrender-mitri.diff
Upstream patch.

Donnie please advise on severity and attach an updated ebuild to this bug. We will call Arch Security Liaisons to test. Do NOT commit anything yet.

For severity, you can just read the description. Buffer overflow, probably exploitable by X clients (any X-using program).

I'll be pushing out a new 6.8.2-r7, 6.9-r1 and xorg-server 1.0.2 and 1.0.99.901-r2. Ah, the joys of so many parallel ebuilds. Testers will probably want to test either 6.8.2 or 1.0.2, current stable and ~arch. Ebuilds coming today or tomorrow.

Thx Donnie, just remember don't commit the updates to Portage just yet:-)

You didn't need to tell me the first time, let alone a second. I don't really appreciate being treated like I'm clueless.

To be on the safe side I'd rather say it too often. This was obviously too often. I was just not sure after reading your comment #3, OTOH you've handled stuff like this before and I should have remembered. Sorry about that.

Created attachment 85322 [details, diff]
modular patch
Created attachment 85323 [details, diff]
monolith patch
Created attachment 85325 [details]
xorg-x11-6.8.2-r7.ebuild
Created attachment 85326 [details]
xorg-x11-6.9.0-r1.ebuild
Created attachment 85327 [details]
xorg-server-1.0.2-r4.ebuild
Created attachment 85328 [details]
xorg-server-1.0.99.901-r2.ebuild

Thx Donnie. Arch Security Liaisons please test and report back on this bug.

I've confirmed the fix no longer crashes the server. Although the rendertest client crashes now, that's a separate issue.

(In reply to comment #14)
> I've confirmed the fix no longer crashes the server. Although the rendertest
> client crashes now, that's a separate issue.

I'm running xorg-x11-6.8.2-r6 on amd64 and I'd like to be able to confirm this. I tried checking out xcb-demo from cvs because it appears that xcb-demo isn't in portage. The cvs version fails on ./configure, it says:

checking for XCB... configure: error: Package requirements (xcb) were not met: No package 'xcb' found

and I have x11-misc/xcb-2.4 installed. Any hints?

http://webcvs.freedesktop.org/xcb/xcb-demo/
cvs -d :pserver:anoncvs@cvs.freedesktop.org:/cvs/xcb co xcb-demo

I have compile tested xorg-x11-6.8.2-r7 and xorg-server-1.0.2-r4 on PPC64 now.

they compile just fine, but unfortunately I don't have access to the bug on fd.o bugzilla, so I don't know how to trigger this bug. Is there a testcase?

(In reply to comment #15)
> (In reply to comment #14)
> > I've confirmed the fix no longer crashes the server. Although the rendertest
> > client crashes now, that's a separate issue.
>
> I'm running xorg-x11-6.8.2-r6 on amd64 and I'd like to be able to confirm this.
> I tried checking out xcb-demo from cvs because it appears that xcb-demo isn't
> in portage. The cvs version fails on ./configure, it says:
>
> checking for XCB... configure: error: Package requirements (xcb)
> were not met: No package 'xcb' found
>
> and I have x11-misc/xcb-2.4 installed. Any hints?

X Cut Buffers != X C Bindings

XCB is no longer maintained in CVS, it's in git. You'll need to install stuff in roughly this order: xcb-proto, xcb, xcb-util, xcb-demo.

Created attachment 85366 [details, diff]
xcb-build.diff
This hacky patch fixes the build of xcb-util and xcb-demos.

(In reply to comment #16)
> I have compile tested xorg-x11-6.8.2-r7 and xorg-server-1.0.2-r4 on PPC64 now.
>
> they compile just fine, but unfortunately I don't have access to the bug on
> fd.o bugzilla, so I don't know how to trigger this bug. Is there a testcase?

As mentioned in comment #0, rendertest from xcb/xcb-demo is the testcase. http://xcb.freedesktop.org/wiki/ has all the info.

Adding Ferris since he's our xorg man in the sparc team.

Um, for me, repoman hates -r6.

There's no -r6 anywhere on this bug, so it's a little unclear what you're talking about.

Seems fine to me. (x86)

Seems fine to me. (amd64)

Looks good on hppa

Looks good on sparc 2.6/ati-pci.

sparc with 2.6 kernel/sunffb video driver builds and seems fine when using xorg-server-1.0.99.901-r2 + the modular patch.

Still missing test reports from alpha, ppc and ppc64 teams

cc'ing ferdy on behalf of alpha.

Looks ok on Alpha.

6.8.2-r7 looks good on ppc

ppc64 please test and report back, disclosure date is tomorrow.

sorry for being late. looks good on ppc64.

Thx Markus. Security please review draft GLSA so we can release on time.

Opening since it is public now. Donnie/someone with commit rights please commit the ebuilds, GLSA is ready.

Ebuilds committed.

Thx Joshua. This one is ready for GLSA.

Let's give the mirrors a chance to sync before sending the GLSA. Thx everyone.

GLSA 200605-02