Bug 413811 (CVE-2007-6427)
Summary: | CVE-2007-6427 xorg / xfree86: memory corruption via XInput extension | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | airlied, ajax, kreilly, security-response-team, tyan, xgl-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.3.0.0-39.fc8 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-22 15:31:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 419451, 419461, 419481, 419501, 419521, 419531, 429125, 429126, 429127 | ||
Bug Blocks: |
Description
Tomas Hoger
2007-12-06 11:45:28 UTC
Upstream bug report: https://bugs.freedesktop.org/show_bug.cgi?id=13522 Verified patch 'freedesktop-bug-13522.patch' was excluded from xorg-x11-6.8.2-1.EL.33.0.1.src.rpm. And the patch 'cve-2007-6427.patch' fixed chgprop.c, sendexev.c, chgkmap.c, grabdevb.c, selectev.c, grabdevk.c, grabdev.c and chgfctl.c files. Lifting embargo: http://lists.freedesktop.org/archives/xorg/2008-January/031918.html From https://bugs.freedesktop.org/show_bug.cgi?id=13522#c4 Without the fix, the X server crashes, with it, for all the above it should print: TEST PASSED: illegal call returned BadLength ============ Test Case 2 did not pass with XFree86-4.3.0-125.EL.src.rpm on PPC arch <ppcp-3as.lab.boston.redhat.com> [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 1 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing ChangeDeviceDontPropagateList... TEST PASSED: illegal call returned BadLength [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 2 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing ChangeDeviceKeyMapping... X Error of failed request: BadDevice, invalid or uninitialized input device Major opcode of failed request: 146 (XInputExtension) Minor opcode of failed request: 25 (X_ChangeDeviceKeyMapping) Serial number of failed request: 11 Current serial number in output stream: 12 [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 3 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing GrabDevice... TEST PASSED: illegal call returned BadLength [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 4 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing GrabDeviceButton... TEST PASSED: illegal call returned BadLength [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 5 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing GrabDeviceKey... TEST PASSED: illegal call returned BadLength [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 6 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing SelectExtensionEvent... TEST PASSED: illegal call returned BadLength [root@spike ~]# DISPLAY=`ppcp-3as.lab.boston.redhat.com`:0.0 ./testcase-13522 7 bash: ppcp-3as.lab.boston.redhat.com: command not found Testing SendExtensionEvent... TEST PASSED: illegal call returned BadLength xorg-x11-server-1.3.0.0-39.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. xorg-x11-server-1.3.0.0-15.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0031.html http://rhn.redhat.com/errata/RHSA-2008-0030.html http://rhn.redhat.com/errata/RHSA-2008-0029.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0831 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0760 |