Red Hat Bugzilla – Bug 445403
CVE-2008-1377 X.org Record and Security extensions memory corruption
Last modified: 2008-06-14 01:40:08 EDT
iDefense reported several flaws in the X.org Record and Security extensions.
The iDefense advisory states:
Multiple vulnerabilities are present in the Record and Security
extensions. In both cases, untrusted values are taken from a client
request, and used to swap the byte order of heap memory that follows
the client request. Since the number of bytes to swap is not properly
validated, it is possible to corrupt heap memory located after the
request. The following functions contain vulnerable code:
xorg-x11-server-220.127.116.112-3.20080612.fc9 has been submitted as an update for Fedora 9
xorg-x11-server-18.104.22.1682-3.20080612.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update xorg-x11-server'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5254
xorg-x11-server-22.214.171.124-17.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server-126.96.36.1992-3.20080612.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server-188.8.131.52-46.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: