Date: Wed, 04 Dec 2013 11:04:12 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: security <security@...ntu.com>, xorg_security@...rg
Subject: Re: CVE Request: xorg-server and pixman

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/04/2013 07:46 AM, Jamie Strandboge wrote:
> On 12/04/2013 01:09 AM, Murray McAllister wrote:
>> On 12/04/2013 03:32 PM, Kurt Seifried wrote:
>>> On 12/03/2013 10:54 AM, Jamie Strandboge wrote:
>>> 
>>>> Hi,
>>> 
>>>> This bug has been public since August but I could find a CVE
>>>> for it: https://launchpad.net/bugs/1197921
>>> 
>>>> There are two bugs - Xorg can be made to crash and pixman
>>>> can trigger the aforementioned Xorg crash. A simplified
>>>> reproducer is in the pixman patches with another reproducer
>>>> in the Launchpad bug. The xorg
>>> 
>>>> xorg-server - exa: only draw valid trapezoids
>>>> The patch was submitted in October but doesn't seem to be applied
>>>> yet, so I'm CC'ing xorg_security. Patch references the pixman f.d.o
>>>> bug, but doesn't seem to have an associated xorg bug.
>>>> http://patchwork.freedesktop.org/patch/14769/
>>>> http://lists.x.org/archives/xorg-devel/2013-October/037996.html
>>>
>>>> Pixman - Corrupted CustomShape crashes Xorg
>>>> https://bugs.freedesktop.org/show_bug.cgi?id=67484
>>>> Patch:
>>>> - 5e14da97f16e421d084a9e735be21b1025150f0c (fix)
>>>> - 2f876cf86718d3dd9b3b04ae9552530edafe58a1 (test case)
>>> 
>>>> Thanks!
>>> 
>>> 
>>> So only x.org crashes, you can trigger it via X.org, or via
>>> pixman? or is pixman also crashing?
>>> 
>>> 
>> 
>> From https://bugs.freedesktop.org/show_bug.cgi?id=67484 and 
>> http://patchwork.freedesktop.org/patch/14769/ it sounded like it
>> would affect both 1) crash an application using pixman 2) crash
>> the X server
>> 
>> Is that correct?
>> 
> 
> AIUI, this is correct. See: 
> https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/comments/28
>
>  "No, it really is a bug in pixman too. I just fixed the same
> comparison that happens in xorg-server, but pixman is still
> affected."
> 
> 

Thanks. Please use CVE-2013-6424 for the issue in xorg-server.

Please use CVE-2013-6425 for the issue in pixman.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

-----END PGP SIGNATURE-----
