oss-sec mailing list archives
Re: CVE Request: xorg-server and pixman
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 04 Dec 2013 11:04:12 -0700
On 12/04/2013 07:46 AM, Jamie Strandboge wrote:
> On 12/04/2013 01:09 AM, Murray McAllister wrote:
>> On 12/04/2013 03:32 PM, Kurt Seifried wrote:
>>> On 12/03/2013 10:54 AM, Jamie Strandboge wrote:
>>>> Hi,
>>>>
>>>> This bug has been public since August but I could find a CVE for it:
>>>> https://launchpad.net/bugs/1197921
>>>>
>>>> There are two bugs - Xorg can be made to crash and pixman can trigger
>>>> the aforementioned Xorg crash. A simplified reproducer is in the pixman
>>>> patches with another reproducer in the Launchpad bug. The xorg
>>>>
>>>> xorg-server - exa: only draw valid trapezoids
>>>> The patch was submitted in October but doesn't seem to be applied yet,
>>>> so I'm CC'ing xorg_security. Patch references the pixman f.d.o bug, but
>>>> doesn't seem to have an associated xorg bug.
>>>> http://patchwork.freedesktop.org/patch/14769/
>>>> http://lists.x.org/archives/xorg-devel/2013-October/037996.html
>>>>
>>>> Pixman - Corrupted CustomShape crashes Xorg
>>>> https://bugs.freedesktop.org/show_bug.cgi?id=67484
>>>> Patch:
>>>> - 5e14da97f16e421d084a9e735be21b1025150f0c (fix)
>>>> - 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case)
>>>>
>>>> Thanks!
>>>
>>> So only x.org crashes, you can trigger it via X.org, or via pixman? or
>>> is pixman also crashing?
>>
>> From https://bugs.freedesktop.org/show_bug.cgi?id=67484 and
>> http://patchwork.freedesktop.org/patch/14769/ it sounded like it would
>> affect both
>> 1) crash an application using pixman
>> 2) crash the X server
>>
>> Is that correct?
>
> AIUI, this is correct. See:
> https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/comments/28
>
> "No, it really is a bug in pixman too. I just fixed the same comparison
> that happens in xorg-server, but pixman is still affected."

Thanks.

Please use CVE-2013-6424 for the issue in xorg-server
Please use CVE-2013-6425 for the issue in pixman.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993