Bug 208343

Summary:	x11-base/xorg-server < 1.3.0.0-r5 MIT-SHM incomplete fix and Screensaver focus (CVE-2007-6429, CVE-2007-3920)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	x11
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A1 [glsaerrata]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2008-01-31 19:48:24 UTC

According to dbkerkholz, "the mit-shm patch only does the security test on pixmaps of a certain bit depth rather than all of them"
This means CVE-2007-6429 is incompletely fixed in bug 204362. http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=be6c17fcf9efebc0bbcc3d9a25f8c5a2450c2161

There is also a better fix for CVE-2007-3920, "Don't break grab and focus state for a window when redirecting it." -- The fix we had in bug 196878 is "a huge hack" to quote donnie again ;-)
http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=a6a7fadbb03ee99312dfb15ac478ab3c414c1c0b

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-01-31 19:49:36 UTC

[20:42] <dberkholz> i can get ebuilds underway later this afternoon

Comment 2 Chris Gianelloni (RETIRED) gentoo-dev

2008-02-01 21:49:53 UTC

I'm going to go ahead and add release@ so I can track this one.

Donnie has just bumped the version in the tree.

<CIA-3> dberkholz * gentoo-x86/x11-base/xorg-server/ (5 files in 2 dirs):

Comment 3 Donnie Berkholz (RETIRED) gentoo-dev

2008-02-01 21:50:02 UTC

New ebuilds in the tree -- xorg-server-1.3.0.0-r5 and xorg-server-1.4.0.90-r3. 1.3.0.0-r5 is the stable target.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2008-02-01 22:20:34 UTC

Arches, please test and mark stable:
=x11-base/xorg-server-1.3.0.0-r5
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 release sh sparc x86"

Comment 5 Markus Meier gentoo-dev

2008-02-02 02:02:45 UTC

x86 stable

Comment 6 Brent Baude (RETIRED) gentoo-dev

2008-02-02 14:41:49 UTC

ppc64 stable

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2008-02-02 15:56:52 UTC

ppc stable

Comment 8 Jeroen Roovers (RETIRED) gentoo-dev

2008-02-02 16:10:18 UTC

Stable for HPPA.

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2008-02-09 11:30:13 UTC

alpha/ia64/sparc stable

I can't believe amd64 didn't do this one yet...

Comment 10 Wulf Krueger (RETIRED) gentoo-dev

2008-02-11 06:04:39 UTC

Marked stable on amd64.

Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-02-11 18:35:34 UTC

Request filed.

Comment 12 Robert Buchholz (RETIRED) gentoo-dev

2008-02-11 23:58:19 UTC

I would handle this as an erratum to the previous GLSA, no?

Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-02-12 10:34:07 UTC

Sure I wasn' thinking straight. Could someone with ssh access to finch delete the draft I made?

Comment 14 Peter Volkov (RETIRED) gentoo-dev

2008-02-25 10:57:47 UTC

This bug was fixed in release snapshot.

Comment 15 Ryan Hill (RETIRED) gentoo-dev

2008-03-02 21:55:56 UTC

no stable for mips.

Comment 16 Robert Buchholz (RETIRED) gentoo-dev

2008-03-05 22:25:54 UTC

errata sent, thanks.
http://archives.gentoo.org/gentoo-announce/msg_e75f5d493fea7c6f718a850abd59598a.xml