[X font server] integer overflow and heap corruption vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xfs (Ubuntu) |
Fix Released
|
Critical
|
Bryce Harrington | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Fix Released
|
Critical
|
Bryce Harrington |
Bug Description
Binary package hint: xfs
References:
[1] http://
[2] http://
Affected versions:
According to [1], all prior to xfs 1.0.5
Short summary [from [1]:
"Several vulnerabilities have been identified in xfs, the X font
server. The QueryXBitmaps and QueryXExtents protocol requests suffer
from lack of validation of their 'length' parameters.
[...]
These vulnerabilities can lead to code execution in the font
server. On most modern systems, the font server is accessible only for
local clients and runs with reduced privileges. But on some systems it
may still be accessible from remote clients and possibly running with
root privileges, creating an opportunity for remote privilege
escalation."
Patch for xfs 1.0.4 (included in X11R7.3):
ftp://ftp.
The patch could be added to Gutsy before release; although, xfs is part of universe.
Hmm, sorry, wanted to attach the patch, but the link gives a "550 Failed to change directory.".