Re: security fix in X11 (libxfont - xfree86)
On Sun, 2006-08-20 at 09:18 +1000, Drew Parsons wrote:
> On Sun, 2006-08-20 at 00:11 +0200, Frans Pop wrote:
>
> > - any way to test if the vulnerabilities are actually fixed?
>
> The upstream bug report at
> https://bugs.freedesktop.org/show_bug.cgi?id=7535 contains a broken font
> attached at https://bugs.freedesktop.org/attachment.cgi?id=6230 . This
> font is supposed to trigger the bug, although I did not test it
> explicitly for the version in unstable, I simply applied the patch. The
> procedure for testing, after placing the font in ~/badfont, is
... (use mkfontdir after placing the bad font in a ~/badfont/ directory)
> xset +fp ~/badfont/
> xfontsel
> which triggers a SIGSEGV in strlen().
I've now taken the time to test with the badfont. At the moment,
following the above procedure, xfontsel still crashes, with

    X Error of failed request: BadAlloc (insufficient resources for operation)
      Major opcode of failed request: 45 (X_OpenFont)
      Serial number of failed request: 1392
      Current serial number in output stream: 1393

CVE-2006-3467 refers in fact to freetype2.2, not libxfont. So while
libxfont needs the patch, the bug is not fully solved until freetype's
patch is also applied (reported in Debian bug #379920).

Drew