Bug 190777 - CVE-2006-1526 X.Org buffer overflow
CVE-2006-1526 X.Org buffer overflow
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: xorg-x11 (Show other bugs)
fc3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=important, LEGACY, 3
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-04 22:04 EDT by Marc Deslauriers
Modified: 2007-04-18 13:42 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-06 19:22:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed FLSA for xorg-x11 (12.24 KB, text/plain)
2006-06-05 05:53 EDT, David Eisenstein
no flags Details

  None (edit)
Description Marc Deslauriers 2006-05-04 22:04:40 EDT
+++ This bug was initially created as a clone of Bug #189801 +++

X.Org bugger overflow

Bart Massey, a X.Org user reported that "When running rendertest from
XCB xcb/xcb-demo, the Xorg X server crashes partway through.  100%
reproducible on a wide variety of graphics architectures".

The upstream bug for this issue can be found here:
https://bugs.freedesktop.org/show_bug.cgi?id=6642

The problem, analyzed by Eric Anholt is a typo in render/mitri.c,
which was incorrectly calculating the size of a buffer.

-- Additional comment from mjc@redhat.com on 2006-05-02 10:44 EST --
now public, removing embargo
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html

-- Additional comment from bugzilla@redhat.com on 2006-05-04 07:42 EST --

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0451.html
Comment 1 Marc Deslauriers 2006-05-05 18:25:15 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is an updated package to QA for FC3.

fa5d8ee56fc046f0d6a8f4663a0b0b4fa6cc307e  xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm

Downloads:

http://www.infostrategique.com/linuxrpms/legacy/3/xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEW9MdLMAs/0C4zNoRAqLGAJ4mV8O6AEvRwCGVvommOTa3/T1TvQCfd+5h
drKPZAjbBhN1TwcC3hY32Tc=
=ZmeM
-----END PGP SIGNATURE-----
Comment 2 Pekka Savola 2006-05-06 02:20:26 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patch identical to RHEL4

+PUBLISH FC3

fa5d8ee56fc046f0d6a8f4663a0b0b4fa6cc307e  xorg-x11-6.8.2-1.FC3.45.3.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFEXEG8GHbTkzxSL7QRAld/AKC3l1NzPX21F4e8TjAK4fLFZ1Mt5wCfcgd/
WQwS+TmytoKbU5KzaI5Q+xE=
=bAEx
-----END PGP SIGNATURE-----
Comment 3 Marc Deslauriers 2006-05-15 19:41:22 EDT
These were pushed to updates-testing
Comment 4 Pekka Savola 2006-05-26 11:05:18 EDT
Timeout in 2 weeks from being pushed to updates-testing.
Comment 5 Pekka Savola 2006-05-31 01:00:35 EDT
Timeout over.
Comment 6 David Eisenstein 2006-06-05 05:53:54 EDT
Created attachment 130485 [details]
Proposed FLSA for xorg-x11
Comment 7 Marc Deslauriers 2006-06-06 19:22:43 EDT
Packages were released to updates.

Note You need to log in before you can comment on or make changes to this bug.