Re: security fix in X11 (libxfont - xfree86)
On Sun, 2006-08-20 at 00:11 +0200, Frans Pop wrote:
> On Thursday 17 August 2006 00:45, Drew Parsons wrote:
> > a security patch has been applied to libxfont in unstable (libxfont
> > 1:1.2.0-2). The bug relates to broken pcf font files and is referenced
> > in CVE-2006-3467.
> >
> > It may possibly be appropriate to consider applying
> > 10_freetype_buffer_overflow.patch as well.
>
> As sometime stable release manager for XFree86, I have prepared an update
> incorporating both patches. The debdiff against current stable is
> attached.
>
Thanks Frans.

> Drew:
> - is it correct there is no CVE number associated with the second patch?

That's correct. Although it fixes a buffer overrun, the upstream
authors consider it non-exploitable. You could therefore consider it
optional with regard to patching stable.

> - any way to test if the vulnerabilities are actually fixed?

The upstream bug report at
https://bugs.freedesktop.org/show_bug.cgi?id=7535 contains a broken font
attached at https://bugs.freedesktop.org/attachment.cgi?id=6230 . This
font is supposed to trigger the bug, although I did not test it
explicitly for the version in unstable; I simply applied the patch. The
procedure for testing, after placing the font in ~/badfont, is

  xset +fp ~/badfont/
  xfontsel

which triggers a SIGSEGV in strlen().

Thanks for the help,
Drew