Message-ID: <525469CF.4000803@oracle.com>
Date: Tue, 08 Oct 2013 13:23:43 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver
 handling of ImageText requests

-------- Original Message --------
Subject: X.Org security advisory: CVE-2013-4396: Use after free in Xserver 
handling of ImageText requests
Date: Tue, 08 Oct 2013 13:20:16 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
Reply-To: xorg@...ts.freedesktop.org
To: xorg-announce@...ts.x.org, xorg <xorg@...ts.freedesktop.org>
CC: X.Org Security Team <xorg-security@...ts.x.org>,        Pedro Ribeiro 
<pedrib@...il.com>

X.Org Security Advisory: October 8, 2013 - CVE-2013-4396
Use after free in Xserver handling of ImageText requests
========================================================

Description:
============

Pedro Ribeiro (pedrib@...il.com) reported an issue to the X.Org security
team in which an authenticated X client can cause an X server to use memory
after it was freed, potentially leading to a crash and/or memory corruption.

Affected Versions
=================

This bug appears to have been introduced in RCS version 1.42 on 1993/09/18,
and is thus believed to be present in every X server release starting with
X11R6.0 up to the current xorg-server 1.14.3.  (Manual inspection shows it
is present in the sources from the X11R6 tarballs, but not in those from the
X11R5 tarballs.)

Fixes
=====

A fix is available via the attached patch, which is intended to be included
in xorg-server 1.15.0 and 1.14.4.

Thanks
======

X.Org thanks Pedro Ribeiro for reporting this issue to our security team at
xorg-security@...ts.x.org.

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	  X.Org Security Response Team - xorg-security@...ts.x.org





View attachment "0001-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch" of type "text/plain" (2808 bytes)
