On Sun, Feb 15, 2015 at 3:01 PM, Michael DePaulo <mikedep...@gmail.com> wrote:
> On Sun, Feb 15, 2015 at 2:11 PM, Mihai Moldovan <io...@ionic.de> wrote:
>> On 14.02.2015 05:47 PM, git-ad...@x2go.org wrote:
>>> This is an automated email from the git hooks/post-receive script.
>>>
>>> x2go pushed a commit to branch 3.6.x
>>> in repository nx-libs.
>>>
>>> commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
>>> Author: Mike DePaulo <mikedep...@gmail.com>
>>> Date:   Sun Feb 8 19:15:20 2015 -0500
>>>
>>>     LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit 
>>> d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>>>
>>>         Specially crafted LZW stream can crash an application using libXfont
>>>         that is used to open untrusted font files.  With X server, this may
>>>         allow privilege escalation when exploited
>>> ---
>>>  nx-X11/lib/font/fontfile/decompress.c |    2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> diff --git a/nx-X11/lib/font/fontfile/decompress.c 
>>> b/nx-X11/lib/font/fontfile/decompress.c
>>> index a4c5468..553b315 100644
>>> --- a/nx-X11/lib/font/fontfile/decompress.c
>>> +++ b/nx-X11/lib/font/fontfile/decompress.c
>>> @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
>>>                */
>>>       while ( code >= 256 )
>>>       {
>>> +         if (stackp - de_stack >= STACK_SIZE - 1)
>>> +             return BUFFILEEOF;
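Review bot: The added check at the top of the while ( code >= 256 ) body returns BUFFILEEOF, so a stream that would overrun de_stack is reported to the caller exactly like an ordinary end of input. A short comment above the check would help: it should say that this is the malformed-stream case and why the limit is STACK_SIZE - 1 rather than STACK_SIZE, so a later reader does not "correct" the bound. The check also only limits how far stackp can advance. The loop condition visible here tests nothing but code >= 256, so it is worth confirming in the rest of BufCompressedFill that code is also validated against the table entries that have actually been defined.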
>> Personally, I would have written that as
>> if ((stackp - de_stack) >= (STACK_SIZE - 1))
>>
>> But that's my personal style and I like to over-parenthesize.
> Both the upstream commit and the RHEL5 patch have it written this way,
> but I agree that your style is better.
>
> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>
> ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm
> (cve-2011-2895.patch)

On a related note, upstream has this follow-up commit:
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=bd48ad11fd11412c62c3ac8ed5d52c4f10a985aa

It was not backported to RHEL5 though.
_______________________________________________
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev
