
Re: security fix in X11 (libxfont - xfree86)



On Sun, Aug 20, 2006 at 07:45:49PM +1000, Drew Parsons wrote:
> On Sun, 2006-08-20 at 09:18 +1000, Drew Parsons wrote:
> > On Sun, 2006-08-20 at 00:11 +0200, Frans Pop wrote:
> > > - any way to test if the vulnerabilities are actually fixed?
> > 
> > The upstream bug report at
> > https://bugs.freedesktop.org/show_bug.cgi?id=7535 contains a broken font
> > attached at https://bugs.freedesktop.org/attachment.cgi?id=6230 .  This
> > font is supposed to trigger the bug, although I did not test it
> > explicitly for the version in unstable, I simply applied the patch.  The
> > procedure for testing, after placing the font in ~/badfont, is
> 
> .... (use mkfontdir after placing the bad font in a ~/badfont/ directory)
> > 	xset +fp ~/badfont/
> > 	xfontsel
> > which triggers a SIGSEGV in strlen().
> 
> I've now taken the time to test with the badfont.  At the moment,
> following the above procedure, xfontsel still crashes, with 
> 
> X Error of failed request:  BadAlloc (insufficient resources for
> operation)
>   Major opcode of failed request:  45 (X_OpenFont)
>   Serial number of failed request:  1392
>   Current serial number in output stream:  1393
> 
> CVE-2006-3467 refers in fact to freetype2.2, not libxfont.  So while
> libxfont needs the patch, the bug is not fully solved until freetype's
> patch is also applied (reported in Debian bug 
> #379920)

That would seem to me to be the desired behaviour: the server is staying
alive, and it's refusing to let you open an invalid font.

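The outcome the last reply describes (the server stays up and the invalid font is refused) can be turned into a pass/fail check around the test procedure quoted above. This is an added example, not part of the original thread; the function names `classify_font_test` and `run_font_test` are hypothetical, and it assumes the commands are run against a disposable X server.

```shell
#!/bin/sh
# Added example: interpret the result of the bad-font test from this thread.
# Function names are hypothetical; nothing here comes from the libxfont patch.

# classify_font_test CLIENT_OUTPUT SERVER_ALIVE
#   CLIENT_OUTPUT  stderr/stdout captured from xfontsel
#   SERVER_ALIVE   1 if the X server still answers requests afterwards, else 0
classify_font_test() {
    client_output=$1
    server_alive=$2

    # A dead server is the unpatched behaviour (SIGSEGV while loading the font).
    if [ "$server_alive" != "1" ]; then
        echo "FAIL: X server no longer answers after loading the font"
        return 0
    fi

    case $client_output in
        *BadAlloc*X_OpenFont*)
            # The client aborts, but only because the server refused the font.
            echo "PASS: server alive, font rejected (BadAlloc on X_OpenFont)" ;;
        "")
            echo "CHECK: no X error seen; confirm the bad font was on the font path" ;;
        *)
            echo "CHECK: server alive, unexpected client output" ;;
    esac
}

# run_font_test FONTDIR
#   Runs the procedure from the thread against the server named by $DISPLAY.
#   Use a scratch X server: an unpatched one is expected to crash here.
run_font_test() {
    fontdir=$1
    mkfontdir "$fontdir" || return 2
    xset +fp "$fontdir" || return 2

    # xfontsel exits by itself on the X error; if no error occurs it stays
    # open until closed by hand.
    out=$(xfontsel 2>&1)

    # Any request that needs a server round trip tells us whether it survived.
    if xset q >/dev/null 2>&1; then alive=1; else alive=0; fi

    # Take the test directory off the font path again if the server is still up.
    xset -fp "$fontdir" >/dev/null 2>&1

    classify_font_test "$out" "$alive"
}
```

Calling `run_font_test ~/badfont` prints one verdict line; a `PASS` corresponds to the BadAlloc output quoted in the thread.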