Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 157421 - x11-base/xorg-server Multiple vulnerabilities in X.Org Render and DBE extensions (Vendor-Sec) (CVE-2006-610[1-3])
Summary: x11-base/xorg-server Multiple vulnerabilities in X.Org Render and DBE extensi...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A1? [glsa] jaervosz
Keywords:
: 161163 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-12-07 05:17 UTC by Sune Kloppenborg Jeppesen
Modified: 2019-12-30 12:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
dbe-render.diff (dbe-render.diff,5.20 KB, patch)
2007-01-07 12:31 UTC, Sune Kloppenborg Jeppesen
no flags Details | Diff
Memory Corruption Vulnerability1.txt (Memory Corruption Vulnerability1.txt,5.99 KB, text/plain)
2007-01-07 12:35 UTC, Sune Kloppenborg Jeppesen
no flags Details
Memory Corruption Vulnerability2.txt (Memory Corruption Vulnerability2.txt,5.81 KB, text/plain)
2007-01-07 12:36 UTC, Sune Kloppenborg Jeppesen
no flags Details
Memory Corruption Vulnerability3.txt (Memory Corruption Vulnerability3.txt,6.68 KB, text/plain)
2007-01-07 12:36 UTC, Sune Kloppenborg Jeppesen
no flags Details
1.0.2-dbe-render.diff (1.0.2-dbe-render.diff,5.11 KB, patch)
2007-01-07 17:21 UTC, Joshua Baergen (RETIRED)
no flags Details | Diff
xorg-server-1.0.2-r8.ebuild (xorg-server-1.0.2-r8.ebuild,6.10 KB, text/plain)
2007-01-07 17:21 UTC, Joshua Baergen (RETIRED)
no flags Details
1.1.1-dbe-render.diff (1.1.1-dbe-render.diff,5.20 KB, patch)
2007-01-07 17:22 UTC, Joshua Baergen (RETIRED)
no flags Details | Diff
xorg-server-1.1.1-r4.ebuild (xorg-server-1.1.1-r4.ebuild,16.94 KB, text/plain)
2007-01-07 17:22 UTC, Joshua Baergen (RETIRED)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2006-12-07 05:17:02 UTC
Filing a short note now as no patches are currently available.

iDefense has contacted the X.Org security team about 3 vulnerabilities
they found in X.Org Render and DBE extensions.
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-07 10:41:30 UTC
CVE-2006-6101 iDefense X.org ProcRenderAddGlyphs
CVE-2006-6102 iDefense X.org ProcDbeGetVisualInfo
CVE-2006-6103 iDefense X.org ProcDbeSwapBuffers
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-07 12:31:10 UTC
Created attachment 105779 [details, diff]
dbe-render.diff
Comment 3 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-07 12:35:45 UTC
Created attachment 105781 [details]
Memory Corruption Vulnerability1.txt
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-07 12:36:00 UTC
Created attachment 105783 [details]
Memory Corruption Vulnerability2.txt
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-07 12:36:12 UTC
Created attachment 105785 [details]
Memory Corruption Vulnerability3.txt
Comment 6 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-07 12:36:38 UTC
Joshua please advise and attach an updated ebuild to this bug. Note that this is still confidential
Comment 7 Joshua Baergen (RETIRED) gentoo-dev 2007-01-07 17:21:13 UTC
Created attachment 105885 [details, diff]
1.0.2-dbe-render.diff
Comment 8 Joshua Baergen (RETIRED) gentoo-dev 2007-01-07 17:21:50 UTC
Created attachment 105887 [details]
xorg-server-1.0.2-r8.ebuild
Comment 9 Joshua Baergen (RETIRED) gentoo-dev 2007-01-07 17:22:28 UTC
Created attachment 105889 [details, diff]
1.1.1-dbe-render.diff

This is the same as the original dbe-render.diff.
Comment 10 Joshua Baergen (RETIRED) gentoo-dev 2007-01-07 17:22:56 UTC
Created attachment 105891 [details]
xorg-server-1.1.1-r4.ebuild
Comment 11 Joshua Baergen (RETIRED) gentoo-dev 2007-01-07 17:26:26 UTC
Hi Sune,

These two ebuilds replace all 1.0* and stable/testing 1.1* ebuilds.  1.1.99* and 1.2.99* will not be brought out of p.mask until new versions are released anyway, and those versions should include these fixes.

The patch needed a small change for the 1.0 server, but otherwise applied OK.  I re-did the patch so it should apply cleanly.  Although the advisories only talk about 1.1+, it does look like the 1.0 series is affected by this issue as well.
Comment 12 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-09 18:23:34 UTC
*** Bug 161163 has been marked as a duplicate of this bug. ***
Comment 13 Donnie Berkholz (RETIRED) gentoo-dev 2007-01-09 18:32:15 UTC
For future reference, the Gentoo X lead should be informed of Gentoo's version of security issues. It's a lot better than making me look like a dunce filing dupes of bugs I should already know about (and did already know about, upstream). Please don't repeat this.
Comment 14 Sune Kloppenborg Jeppesen gentoo-dev 2007-01-09 18:39:36 UTC
If a maintainer is listed in metadata he get's CC'ed. Otherwise a victim is chosen from the Changelog. This time apparently the wrong one. Sorry about that.
Comment 15 Joshua Baergen (RETIRED) gentoo-dev 2007-01-13 00:14:29 UTC
(In reply to comment #13)
> For future reference, the Gentoo X lead should be informed of Gentoo's version
> of security issues. It's a lot better than making me look like a dunce filing
> dupes of bugs I should already know about (and did already know about,
> upstream). Please don't repeat this.
> 

Sorry, I barely had time to look at this and didn't realize you weren't notified.

Now that the issue is public, are we waiting for something?  Am I supposed to be doing something?
Comment 16 Donnie Berkholz (RETIRED) gentoo-dev 2007-01-13 00:23:06 UTC
(In reply to comment #15)
> Now that the issue is public, are we waiting for something?  Am I supposed to
> be doing something?

Stick this stuff into the tree and tell us which arches need to stable it.
Comment 17 Joshua Baergen (RETIRED) gentoo-dev 2007-01-13 17:12:59 UTC
Ebuilds are in the tree.  I'll clean out all the old ebuilds later once everything's stabled up.

Archs, please stable the appropriate ebuilds below:

everyone:
xorg-server-1.1.1-r4.ebuild

amd64, hppa, ppc64, x86:
xorg-server-1.0.2-r8.ebuild
Comment 18 Markus Meier gentoo-dev 2007-01-13 19:44:05 UTC
x11-base/xorg-server-1.1.1-r4  USE="aiglx dri ipv6 nptl sdl xorg xprint -3dfx -debug -dmx -kdrive -minimal"
1. emerges on x86, please note:
QA Notice: the following files are setXid, dyn linked, and using lazy bindings
LAZY usr/bin/Xorg
2. passes collision test
3. works

Gentoo Base System version 1.12.6
Portage 2.1.1-r2 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18.5 i686)
=================================================================
System uname: 2.6.18.5 i686 AMD Athlon(TM) XP1800+
Last Sync: Sat, 13 Jan 2007 16:30:04 +0000
ccache version 2.4 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/pack
ages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac alsa alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_en
s1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_
cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plug
ins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_
pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_
pcm_plugins_shm alsa_pcm_plugins_softvol apache2 berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt cups dbus divx4linux dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss exif fam ffmpeg firefox
 fortran gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kernel_linux ldap libg++ linguas_de linguas_en linguas_en_GB mad mikmod mmx
 mmxext mono mp3 mpeg ncurses network nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl tcpd test tetex
tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none video_cards_nv vorbis win32codecs xine xinerama xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 19 Tobias Scherbaum (RETIRED) gentoo-dev 2007-01-13 19:57:46 UTC
ppc stable
Comment 20 Andrej Kacian (RETIRED) gentoo-dev 2007-01-13 23:25:20 UTC
Both 1.0.2-r8 and 1.1.1-r4 stable on x86.
Comment 21 Ferris McCormick (RETIRED) gentoo-dev 2007-01-14 17:20:28 UTC
xorg-server-1.1.1-r4 stable on sparc.
Comment 22 Markus Rothe (RETIRED) gentoo-dev 2007-01-14 18:50:09 UTC
ppc64 stable
Comment 23 Jeroen Roovers gentoo-dev 2007-01-14 23:40:01 UTC
Marked stable for HPPA by killerfox.
Comment 24 Bryan Østergaard (RETIRED) gentoo-dev 2007-01-15 18:03:06 UTC
1.1.1-r4 stable on Alpha.
Comment 25 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-22 12:06:00 UTC
ping amd64, a problem?
Comment 26 Steve Dibb (RETIRED) gentoo-dev 2007-01-22 15:20:49 UTC
(In reply to comment #17)
> Ebuilds are in the tree.  I'll clean out all the old ebuilds later once
> everything's stabled up.
> 
> Archs, please stable the appropriate ebuilds below:
> 
> everyone:
> xorg-server-1.1.1-r4.ebuild
> 
> amd64, hppa, ppc64, x86:
> xorg-server-1.0.2-r8.ebuild

amd64 stable
> 

Comment 27 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-22 16:33:46 UTC
(In reply to comment #17)

> everyone:
> xorg-server-1.1.1-r4.ebuild
> 
> amd64, hppa, ppc64, x86:
> xorg-server-1.0.2-r8.ebuild

hppa, you also want to mark 1.0.2-r8 stable? 

Comment 28 Guy Martin (RETIRED) gentoo-dev 2007-01-22 20:39:37 UTC
(In reply to comment #27)
> hppa, you also want to mark 1.0.2-r8 stable? 


nope, ppl will have to upgrade to latest. Tnx for checking

Comment 29 Donnie Berkholz (RETIRED) gentoo-dev 2007-01-24 06:59:07 UTC
We just stopped supporting xorg-server 1.0 because of the release of 1.2 (two "major" versions later). We now support only 1.1 and 1.2.

So feel free to leave 1.0 out of the GLSA entirely -- >=xorg-server-1.1.1-r4 is safe and that's it.
Comment 30 Joshua Baergen (RETIRED) gentoo-dev 2007-01-27 18:13:36 UTC
Looks like we're just waiting for ARM and MIPS.
Comment 31 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-27 19:42:37 UTC
GLSA 200701-25

thanks everyone