Date: Tue, 08 Oct 2013 13:23:43 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests

-------- Original Message --------
Subject: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
Date: Tue, 08 Oct 2013 13:20:16 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
Reply-To: xorg@...ts.freedesktop.org
To: xorg-announce@...ts.x.org, xorg <xorg@...ts.freedesktop.org>
CC: X.Org Security Team <xorg-security@...ts.x.org>, Pedro Ribeiro <pedrib@...il.com>

X.Org Security Advisory: October 8, 2013 - CVE-2013-4396
Use after free in Xserver handling of ImageText requests
========================================================

Description:
============

Pedro Ribeiro (pedrib@...il.com) reported an issue to the X.Org security
team in which an authenticated X client can cause an X server to use
memory after it was freed, potentially leading to crash and/or memory
corruption.

Affected Versions
=================

This bug appears to have been introduced in RCS version 1.42 on
1993/09/18, and is thus believed to be present in every X server release
starting with X11R6.0 up to the current xorg-server 1.14.3. (Manual
inspection shows it is present in the sources from the X11R6 tarballs,
but not in those from the X11R5 tarballs.)

Fixes
=====

A fix is available via the attached patch, which is intended to be
included in xorg-server 1.15.0 and 1.14.4.

Thanks
======

X.Org thanks Pedro Ribeiro for reporting this issue to our security
team at xorg-security@...ts.x.org.

--
-Alan Coopersmith- alan.coopersmith@...cle.com
X.Org Security Response Team - xorg-security@...ts.x.org

View attachment "0001-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch" of type "text/plain" (2808 bytes)