List: oss-security
Subject: Re: [oss-security] CVE Request: Missing input sanitation in various X GLX calls
From: Vincent Danen <vdanen () redhat ! com>
Date: 2011-09-23 22:24:40
Message-ID: 96984075-0b95-4a7d-843d-1ab82a964017 () zmail04 ! collab ! prod ! int ! phx2 ! redhat ! com
For more information on this, please see our bugzilla entry:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4818
I emailed ajax about this and it doesn't seem to be quite as scary as it sounds, and
the bug has a good analysis of the various patches noted in the upstream bug report.
----- Original Message -----
> Hi,
>
> https://bugs.freedesktop.org/show_bug.cgi?id=28823
> is a tracker bug for input sanitation lacking in various GLX X calls.
>
> Reporter is me@halfdog.net
>
> These can probably allow an attacker with access to the GLX calls
> (typically just the logged in user) to crash the X server or execute
> code within it.
>
> (Not thought about WebGL introduced crash potential here.)
>
> The lacking checks were reported and fixed in x.org git in 2010, so they
> probably need a 2010 CVE id. (Single one should be sufficient I guess.)
--
Vincent Danen / Red Hat Security Response Team