[PATCH 0/5] integer overflows in Xdmx & Xephyr
Alan Coopersmith
alan.coopersmith at oracle.com
Thu May 23 09:27:25 PDT 2013
As part of the report of the security bugs announced this morning, the same
researcher also reported similar issues in the client-side GLX & DRI code in
the Xdmx & Xephyr X servers. Since these are not normally installed setuid
or otherwise with higher privileges than the underlying X servers that they
connect to, the X.Org security team agreed to treat these as simple bug fixes,
not security issues.
These are candidates for stable releases as they do fix server crashes, but
only in rare cases when malformed protocol is sent by the X server they
display onto.
Alan Coopersmith (5):
Xdmx: integer overflow in GetGLXVisualConfigs()
Xdmx: integer overflow in GetGLXFBConfigs()
Xephyr: integer overflow in ephyrHostGLXGetStringFromServer()
Xephyr: integer overflow in XF86DRIOpenConnection()
Xephyr: integer overflow in XF86DRIGetClientDriverName()
hw/dmx/dmx_glxvisuals.c | 25 +++++++++++++++++--------
hw/kdrive/ephyr/XF86dri.c | 14 ++++++++++----
hw/kdrive/ephyr/ephyrhostglx.c | 40 +++++++++++++++++++++++-----------------
3 files changed, 50 insertions(+), 29 deletions(-)
--
1.7.9.2
More information about the xorg-devel
mailing list