Bug#660411: libxi6: Memory corruption when used with recent X servers
On Sat, Feb 18, 2012 at 23:55:34 +0100, Michael Karcher wrote: libXi can cause heap corruption if it receices unknown device classes in input devices, as it does not allocate any space to unknown classes, yet it stores type and ID information of that class. If the unknown classes are at the end of the list, 8 bytes following the allocated class info block are corrupted. This behaviour is observable with current X servers in experimental. As heap corruption is a security problem (malign X servers could try to exploit client code using Xinput2), fixing this bug might be eligible for a stable update. Commit http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=635c2c029b1e73311c3f650bcaf7eeb9e782134b fixes the problem and applies (with offset and fuzz, though). Can you please verify that this is fixed in 2:1.3-7, currently in proposed-updates? Cheers, Julien signature.asc Description: Digital signature
Bug#660411: libxi6: Memory corruption when used with recent X servers
I can't reproduce the bug with version 2:1.3-7 Reinhard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#660411: libxi6: Memory corruption when used with recent X servers
On Sat, Feb 18, 2012 at 23:55:34 +0100, Michael Karcher wrote: This behaviour is observable with current X servers in experimental. As heap corruption is a security problem (malign X servers could try to exploit client code using Xinput2), fixing this bug might be eligible for a stable update. Commit http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=635c2c029b1e73311c3f650bcaf7eeb9e782134b fixes the problem and applies (with offset and fuzz, though). Thanks. I think there were a couple other changes that would be good to include in the stable version. I'll try to make sure at least this one gets into the next update. Cheers, Julien signature.asc Description: Digital signature
Bug#660411: libxi6: Memory corruption when used with recent X servers
Package: libxi6 Version: 2:1.3-6 Severity: important Tags: upstream patch libXi can cause heap corruption if it receices unknown device classes in input devices, as it does not allocate any space to unknown classes, yet it stores type and ID information of that class. If the unknown classes are at the end of the list, 8 bytes following the allocated class info block are corrupted. This behaviour is observable with current X servers in experimental. As heap corruption is a security problem (malign X servers could try to exploit client code using Xinput2), fixing this bug might be eligible for a stable update. Commit http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=635c2c029b1e73311c3f650bcaf7eeb9e782134b fixes the problem and applies (with offset and fuzz, though). Regards, Michael Karcher -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i586) Kernel: Linux 2.6.32-5-486 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libxi6 depends on: ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libx11-6 2:1.3.3-4 X11 client-side library ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar libxi6 recommends no packages. libxi6 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
