+++ This bug was initially created as a clone of Bug #445408 +++

iDefense reported several flaws in the X.org Render extension. The iDefense advisory states:

Multiple vulnerabilities are present in the Render extension in the code responsible for reading in client requests. The following function contains the vulnerability:

SProcRenderCreateLinearGradient()

In each case, values are taken from the client request and used in arithmetic operations that calculate the size of dynamic buffers. These calculations can overflow, which results in undersized buffers being allocated. The allocated buffers are then overflowed with data from the client request.
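The size-calculation overflow described in the advisory, shown as an added example (not code from the X.org server or from the advisory): the request layout, the 12-byte element size and the function names are assumptions chosen for illustration. A client-supplied count of 0x15555556 makes the unchecked 32-bit product wrap to 8, while the checked form rejects it before any allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed element size: 4-byte stop offset + 8-byte colour (illustrative). */
#define PER_STOP ((uint32_t)12)

/* Unchecked: 32-bit arithmetic on a client-supplied count wraps silently. */
uint32_t unchecked_len(uint32_t n_stops)
{
    return (uint32_t)(n_stops * PER_STOP);
}

/* Checked: 0 and *out set on success; -1 if the product would wrap or the
 * request does not carry that many payload bytes. */
int checked_len(uint32_t n_stops, size_t payload_len, uint32_t *out)
{
    if (n_stops > UINT32_MAX / PER_STOP)
        return -1;                      /* multiplication would overflow */
    uint32_t need = n_stops * PER_STOP;
    if ((size_t)need > payload_len)
        return -1;                      /* count disagrees with request length */
    *out = need;
    return 0;
}

/* Allocate and copy only after the count has been validated. */
void *copy_stops(const uint8_t *payload, size_t payload_len, uint32_t n_stops)
{
    uint32_t need;
    if (checked_len(n_stops, payload_len, &need) != 0)
        return NULL;
    void *buf = malloc(need ? need : 1);
    if (buf != NULL)
        memcpy(buf, payload, need);
    return buf;
}
```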
Public now: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
xorg-x11-server- has been submitted as an update for Fedora 9
iDefense advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720
xorg-x11-server- has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xorg-x11-server'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5254
xorg-x11-server- has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server- has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server- has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0504.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-5285
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-5279
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-5254