Re: security fix in X11 (libxfont - xfree86)



On Sun, 2006-08-20 at 09:18 +1000, Drew Parsons wrote:
> On Sun, 2006-08-20 at 00:11 +0200, Frans Pop wrote:
> 
> > - any way to test if the vulnerabilities are actually fixed?
> 
> The upstream bug report at
> https://bugs.freedesktop.org/show_bug.cgi?id=7535 contains a broken font
> attached at https://bugs.freedesktop.org/attachment.cgi?id=6230 .  This
> font is supposed to trigger the bug, although I did not test it
> explicitly for the version in unstable, I simply applied the patch.  The
> procedure for testing, after placing the font in ~/badfont, is

.... (use mkfontdir after placing the bad font in a ~/badfont/ directory)
> 	xset +fp ~/badfont/
> 	xfontsel
> which triggers a SIGSEGV in strlen().

I've now taken the time to test with the badfont.  At the moment,
following the above procedure, xfontsel still crashes, with 

X Error of failed request:  BadAlloc (insufficient resources for
operation)
  Major opcode of failed request:  45 (X_OpenFont)
  Serial number of failed request:  1392
  Current serial number in output stream:  1393

CVE-2006-3467 refers in fact to freetype2.2, not libxfont.  So while
libxfont needs the patch, the bug is not fully solved until freetype's
patch is also applied (reported in Debian bug #379920).

Drew


