From e20d4ef28d426fff3594c713eeee2cd9914fe1a1 Mon Sep 17 00:00:00 2001
From: Dave Airlie
Date: Fri, 18 Jan 2008 03:06:10 +0000
Subject: [PATCH] * Fri Jan 18 2008 Dave Airlie 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont.
---
 cve-2008-0006-server-fixup.patch | 17 +++++++++++++++++
 xorg-x11-server.spec | 2 ++
 2 files changed, 19 insertions(+)
 create mode 100644 cve-2008-0006-server-fixup.patch
diff --git a/cve-2008-0006-server-fixup.patch b/cve-2008-0006-server-fixup.patch
new file mode 100644
index 0000000..70f0cb8
--- /dev/null
+++ b/cve-2008-0006-server-fixup.patch
@@ -0,0 +1,17 @@
+diff -up xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c
+--- xorg-x11-6.8.2/xc/programs/Xserver/dix/dixfonts.c.jx 2004-04-23 15:04:44.000000000 -0400
++++ xorg-x11-server/dix/dixfonts.c 2008-01-14 11:15:00.000000000 -0500
+@@ -339,6 +339,13 @@ doOpenFont(ClientPtr client, OFclosurePt
+ err = BadFontName;
+ goto bail;
+ }
++ /* check values for firstCol, lastCol, firstRow, and lastRow */
++ if (pfont->info.firstCol > pfont->info.lastCol ||
++ pfont->info.firstRow > pfont->info.lastRow ||
++ pfont->info.lastCol - pfont->info.firstCol > 255) {
++ err = AllocError;
++ goto bail;
++ }
+ if (!pfont->fpe)
+ pfont->fpe = fpe;
+ pfont->refcnt++;
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 271682a..2e2c495 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
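Review bot: The guard added to doOpenFont in dixfonts.c bounds the column span (`lastCol - firstCol > 255`) but places no matching limit on `lastRow - firstRow`, so a font whose row range is correctly ordered but oversized still passes. If code downstream sizes or indexes glyph tables from rows times columns (not visible here), consider adding `pfont->info.lastRow - pfont->info.firstRow > 255 ||` to the condition. The rejection path jumps to `bail` with a non-NULL `pfont` whose `refcnt` has not yet been incremented; the `bail` label is outside this hunk, so confirm it releases the font rather than leaving it allocated on every rejected open. The comment would help more if it stated the reason for the limit, e.g. `/* reject fonts whose row/column ranges are inverted or wider than one byte; these fields come from the font file */`. `AllocError` also reads as an out-of-memory condition, and `BadFontName`, used in the lines just above, may describe a malformed font better.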
@@ -63,6 +63,7 @@ Patch3001: cve-2007-5958.patch Patch3002: cve-2007-6427.patch Patch3003: cve-2007-6428.patch Patch3004: cve-2007-6429.patch +Patch3005: cve-2008-0006-server-fixup.patch # Trivial things to maybe merge upstream at next rebase #Patch4003: argh-pixman.patch #fixme @@ -521,6 +522,7 @@ rm -rf $RPM_BUILD_ROOT - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability +- cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. * Wed Jan 16 2008 Kristian Høgsberg 1.4.99.1-0.16 - Add xserver-1.4.99-engage-composite-crack-mode.patch to better hide