oss-sec mailing list archives
Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 14 Apr 2015 09:10:04 -0700
X.Org issued the attached advisory today, just in case any distro builders hadn't rebuilt yet and hadn't noticed the discussion here. As usual, it's also posted to our advisories page at: http://www.x.org/wiki/Development/Security/ -- -Alan Coopersmith- alan.coopersmith () oracle com X.Org Security Response Team - xorg-security () lists x org
--- Begin Message --- From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 14 Apr 2015 08:57:18 -0700
X.Org Security Advisory: April 14, 2015 Buffer overflow in MakeBigReq macro in libX11 prior to 1.6 [CVE-2013-7439] ========================================================================== Description: ============ It's been brought to X.Org's attention that this commit: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d which was included in libX11 1.5.99.901 (1.6 RC1) and later releases fixed an issue which may be exploitable when X clients are rendering untrusted content, such as in web browsers. Mitre has thus issued CVE-2013-7439 for tracking this vulnerability. Further discussion is available in the oss-security thread starting at http://seclists.org/oss-sec/2015/q2/73 . Note that as this affects a macro in a header file, all software using this macro will need to be recompiled for the fix to take effect. Since the Xlibint.h header provides access to the internals of libX11, it should not be directly accessed by most clients, but nearly all of the Xlib-based extension libraries are affected, as are some third-party client libraries and programs who have ill-advisedly relied on libX11 internals. X.Org software known to use these macros includes: libXext libXfixes libXi libXp libXrandr libXrender libXv libXxf86misc xf86-video-vmware Some uses of the macros in other software may be found at: http://codesearch.debian.net/results/SetReqLen http://codesearch.debian.net/results/MakeBigReq but of course, only a search of your own code base will be exhaustive. Affected Versions ================= The off-by-one-word error in the amount of memory to copy was introduced in the original integration of the BigRequests extension for X11R6.0: http://cgit.freedesktop.org/~alanc/xc-historical/commit/?id=57ae039acec35ee7df4bc3f3c02abd957780b026 thus X.Org believes all versions of X11R6.x are affected, as are all versions of the standalone libX11 prior to the libX11 1.6.0 release in June 2013. Fixes ===== As noted above, the fix is already available in this libX11 git commit: 39547d600a13713e15429f49768e54c3173c828d which is also included in libX11 1.6.0 and later module releases from X.Org, however, for the fix to be effective, all software which references the MakeBigReq() or SetReqLen() macros from Xlibint.h must be recompiled with the new header. -- -Alan Coopersmith- alan.coopersmith () oracle com X.Org Security Response Team - xorg-security () lists x orgAttachment: _bin
Description:_______________________________________________ xorg-devel () lists x org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
--- End Message ---
Current thread:
- CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers (Apr 07)
- Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign (Apr 09)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Florian Weimer (Apr 09)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Marc Deslauriers (Apr 09)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Yann Droneaud (Apr 09)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith (Apr 14)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Alan Coopersmith (Apr 09)
- Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro Florian Weimer (Apr 09)
- Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign (Apr 09)
- Re: CVE Request: libX11: buffer overflow in MakeBigReq macro cve-assign (Apr 09)