Date: Fri, 24 Apr 2015 23:22:20 -0400 (EDT)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, xorg_security@...rg
Subject: Re: CVE request: X server crash by client

> We got notified that the fix for CVE-2014-8092 introduced the possibility
> of a division by 0 when the "height" for the PutImage call is 0, leading
> to X server abort.
> 
> This was already fixed in January in X git.
> http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
> 
> As this is a local denial of service, but might be triggerable by images with 0 height
> supplied externally, it might need a CVE.

Use CVE-2015-3418.

> https://bugzilla.novell.com/show_bug.cgi?id=928520

This currently doesn't seem to be a public bug - we don't know whether
that's intentional.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
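
The regression discussed in this thread, as an added example that is not part of the original message and is not the X server's code: an integer-overflow check that divides by a client-supplied height, next to the same check with zero height handled first. The function names, result codes and sample requests are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum { LEN_OK = 0, LEN_BAD = 1 };

/* Assumed shape of the unguarded check: it rejects row_bytes * height
 * products that would overflow, but divides by a client-controlled
 * height, so height == 0 is a division by zero (process abort). */
int check_len_unguarded(int32_t row_bytes, uint16_t height)
{
    if (row_bytes >= INT32_MAX / height)   /* traps when height == 0 */
        return LEN_BAD;
    return LEN_OK;
}

/* Same check with zero height handled before dividing. A zero-height
 * image carries zero bytes of data, so no overflow is possible. */
int check_len_guarded(int32_t row_bytes, uint16_t height)
{
    if (height != 0 && row_bytes >= INT32_MAX / height)
        return LEN_BAD;
    return LEN_OK;
}

/* Total payload size, computed only after the guarded check passes.
 * Returns -1 for a rejected request. */
int64_t image_bytes(int32_t row_bytes, uint16_t height)
{
    if (row_bytes < 0 || check_len_guarded(row_bytes, height) != LEN_OK)
        return -1;
    return (int64_t)row_bytes * height;
}

int main(void)
{
    /* Constructed sample requests: {row_bytes, height}. */
    struct { int32_t row; uint16_t h; } reqs[] = {
        { 4096, 16 }, { 4096, 0 }, { INT32_MAX / 2, 4 },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("row=%d height=%u -> %lld\n", (int)reqs[i].row,
               (unsigned)reqs[i].h,
               (long long)image_bytes(reqs[i].row, reqs[i].h));
    return 0;
}
```

A regression test for this kind of fix should include the zero-height request explicitly, since the overflow-focused test cases alone never exercise the divisor.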
