Bug 740961 (CVE-2010-4819) - CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw
Summary: CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-4819
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering741649 Engineering741650 Engineering741651 Engineering741652 Engineering741654 Engineering741688
Blocks: Embargoed740962
TreeView+ depends on / blocked
 
Reported: 2011-09-23 21:55 UTC by Vincent Danen
Modified: 2019-09-29 12:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-06 18:18:20 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1359 0 normal SHIPPED_LIVE Moderate: xorg-x11-server security update 2011-10-06 17:46:07 UTC
Red Hat Product Errata RHSA-2011:1360 0 normal SHIPPED_LIVE Moderate: xorg-x11 security update 2011-10-06 18:07:24 UTC

Description Vincent Danen 2011-09-23 21:55:06 UTC 
It was reported [1] that ProcRenderAddGlyphs() suffered from an input sanitization flaw.  This could allow a local attacker to possibly expose arbitrary memory or crash the X server.

This has been fixed upstream [2].

[1] https://bugs.freedesktop.org/show_bug.cgi?id=28801
[2] http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718
Comment 1 Vincent Danen 2011-09-23 22:02:09 UTC 
This doesn't affect Fedora 14+ (xorg-server-1.9.5) as the patch in [2] is applied.
Comment 11 errata-xmlrpc 2011-10-06 17:46:25 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2011:1359 https://rhn.redhat.com/errata/RHSA-2011-1359.html
Comment 12 errata-xmlrpc 2011-10-06 18:07:43 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:1360 https://rhn.redhat.com/errata/RHSA-2011-1360.html
Note You need to log in before you can comment on or make changes to this bug.