Date: Tue, 08 Oct 2013 13:23:43 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver
 handling of ImageText requests

-------- Original Message --------
Subject: X.Org security advisory: CVE-2013-4396: Use after free in Xserver 
handling of ImageText requests
Date: Tue, 08 Oct 2013 13:20:16 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
Reply-To: xorg@...ts.freedesktop.org
To: xorg-announce@...ts.x.org, xorg <xorg@...ts.freedesktop.org>
CC: X.Org Security Team <xorg-security@...ts.x.org>, Pedro Ribeiro
<pedrib@...il.com>

X.Org Security Advisory: October 8, 2013 - CVE-2013-4396
Use after free in Xserver handling of ImageText requests
========================================================

Description:
============

Pedro Ribeiro (pedrib@...il.com) reported an issue to the X.Org security
team in which an authenticated X client can cause an X server to use memory
after it was freed, potentially leading to a crash and/or memory corruption.

Affected Versions
=================

This bug appears to have been introduced in RCS version 1.42 on 1993/09/18,
and is thus believed to be present in every X server release starting with
X11R6.0 up to the current xorg-server 1.14.3.  (Manual inspection shows it
is present in the sources from the X11R6 tarballs, but not in those from the
X11R5 tarballs.)

Fixes
=====

A fix is available via the attached patch, which is intended to be included
in xorg-server 1.15.0 and 1.14.4.

Thanks
======

X.Org thanks Pedro Ribeiro for reporting this issue to our security team at
xorg-security@...ts.x.org.

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	  X.Org Security Response Team - xorg-security@...ts.x.org





View attachment "0001-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch" of type "text/plain" (2808 bytes)
