On 05/23/2013 09:44 AM, Alan Coopersmith wrote:
> The X.Org security team has been notified by a security researcher of bugs in
> the protocol handling code across libX11 & many of its extension libraries.
> These could be exploited in X clients that are setuid or otherwise running
> with raised privileges, if a user could run them with their display set to
> a Xserver they've modified to exploit them (perhaps a custom Xephyr or remote
> Xorg). More details about these issues can be found in our advisory posting
> at http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 .
>
> One of the extensions affected is DRI, for which the code is not in a shared
> libXdri, but copied into several locations, including Mesa's GLX library.
> This series of patches corrects these bugs in Mesa's copy.
>
> Alan Coopersmith (2):
>    integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
>    integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
>
>   src/glx/XF86dri.c |   15 +++++++++++----
>   1 file changed, 11 insertions(+), 4 deletions(-)


Looks good to me, but a second set of eyes would be good.

One thing: these should probably be tagged with "NOTE: Candidate for the stable branches".

Reviewed-by: Brian Paul <bri...@vmware.com>
