[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: Missing input sanitation in various X GLX calls
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2011-09-23 22:24:40
Message-ID: 96984075-0b95-4a7d-843d-1ab82a964017 () zmail04 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

For more information on this, please see our bugzilla entry:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4818

I emailed ajax about this and it doesn't seem to be quite as scary as it sounds, and \
the bug has a good analysis of the various patches noted in the upstream bug report.

----- Original Message -----
> Hi,
> 
> https://bugs.freedesktop.org/show_bug.cgi?id=28823
> is a tracker bug for input sanitation lacking in various GLX X calls.
> 
> Reporter is me@halfdog.net
> 
> These can probably allow a attacker with access to the GLX calls
> (typically just the logged in user) to crash the X server or execute
> code within it.
> 
> (Not thought about WebGL introduced crash potential here.)
> 
> The lacking checks were reported and fixed in x.org git in 2010, so
> they
> probably need a 2010 CVE id. (Single one should be sufficient I
> guess.)

-- 
Vincent Danen / Red Hat Security Response Team


[prev in list] [next in list] [prev in thread] [next in thread]