A vulnerability has been identified in X.Org X Server, which could be exploited by local attackers to obtain elevated privileges. This issue is caused by a buffer overflow error in the "compNewPixmap()" [composite/compalloc.c] function within the composite extension when copying the contents of pixmaps, which could be exploited by malicious users to execute arbitrary code with elevated privileges.
Affected Products: X.Org X Server versions prior to 1.4
The patch from http://bugs.freedesktop.org/show_bug.cgi?id=7447 applies to 22.214.171.124 fine:
cc'ing maintainers (per request)
meh.. sorry for the bugspam
x11, is the composite extension enabled or disabled by default?
Please provide an updated ebuild with the fix.
(In reply to comment #4)
> x11, is the composite extension enabled or disabled by default?
Off, but anyone using eye candy has it on.
> Please provide an updated ebuild with the fix.
Will get to it soon.
(In reply to comment #5)
> > Please provide an updated ebuild with the fix.
> Will get to it soon.
Any updates here?
126.96.36.199-r1 has this fix.
Arches, please test and mark stable x11-base/xorg-server-188.8.131.52-r1
target "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86 ~x86-fbsd"
Stable for HPPA.
GLSA request filed.