Author: branden
Date: 2004-01-26 13:43:43 -0500 (Mon, 26 Jan 2004)
New Revision: 968
Modified: branches/4.1.0/woody/debian/changelog branches/4.1.0/woody/debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff Log: Add CVE candidate IDs to patch and changelog. Modified: branches/4.1.0/woody/debian/changelog =================================================================== --- branches/4.1.0/woody/debian/changelog 2004-01-23 04:26:00 UTC (rev 967) +++ branches/4.1.0/woody/debian/changelog 2004-01-26 18:43:43 UTC (rev 968) @@ -5,8 +5,10 @@ succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. - + Denial-of-service attacks against X server by clients using the GLX - extension and Direct Rendering Infrastructure. + + CAN-2004-0093, CAN-2003-0094: Denial-of-service attacks against the X + server by clients using the GLX extension and Direct Rendering + Infrastructure are possible due to unchecked client data (out-of-bounds + array indexes and integer signedness errors). * Patch xdm to call pam_strerror(), log the returned error, and exit the StartClient() function with a zero exit status (failure) if pam_setcred() Modified: branches/4.1.0/woody/debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff =================================================================== --- branches/4.1.0/woody/debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff 2004-01-23 04:26:00 UTC (rev 967) +++ branches/4.1.0/woody/debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff 2004-01-26 18:43:43 UTC (rev 968) @@ -7,6 +7,9 @@ the GLX code. This fixes X server segfaults when an invalid screen value is provided (#A.1434, Felix Kühling). +The CVE IDs for these vulnerabilities are CAN-2004-0093 (out-of-bounds +array index errors) and CAN-2004-0094 (integer signedness errors). + --- xc/programs/Xserver/GL/dri/xf86dri.c 29 Oct 2002 20:28:57 -0000 1.10 +++ xc/programs/Xserver/GL/dri/xf86dri.c 13 Dec 2002 15:51:57 -0000 @@ -155,6 +155,11 @@
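Review bot: The two candidate IDs do not agree between the files touched by this commit. The added line in the debian/changelog hunk reads "CAN-2004-0093, CAN-2003-0094", while the text added to the header of 074_SECURITY_DRI_and_GLX_DoS_fix.diff gives the second ID as CAN-2004-0094. One of the two years is a typo. The changelog entry is what gets matched against advisories and trackers, so confirm the assigned ID and make both places carry the same string. It would also help if the changelog said which ID covers which class of bug, as the patch header does ("out-of-bounds array index errors" for CAN-2004-0093, "integer signedness errors" for the other), rather than listing both IDs ahead of a combined parenthetical.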