OpenSolaris

Bug ID 6660113
Synopsis *Xsun* MIT-SHM security fix broke pixmaps of less than 8-bit depth
State 10-Fix Delivered:Verified (Fix available in build)
Category:Subcategory xserver:xsun-server
Keywords
Responsible Engineer Alan Coopersmith
Reported Against snv_01, s10u5_06
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_84
Fixed In snv_84
Release Fixed solaris_nevada(snv_84), solaris_10u5(s10u5_09) (Bug ID:2158949), solaris_9(s9patch) (Bug ID:2158950), solaris_8(s8patch) (Bug ID:2158951)
Related Bugs 6635738, 6656427, 6658072, 6660115, 6661615
Submit Date 6-February-2008
Last Update Date 29-May-2008
Description
X.Org has issued an updated patch for the recent MIT-SHM security vulnerability:

Matthieu Herrb wrote:
| X.Org security advisory, January 17th, 2008
| Multiple vulnerabilities in the X server
| CVE IDs: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
|          CVE-2007-6429, CVE-2008-0006
|
| Overview
|
| Several vulnerabilities have been identified in server code of the X
| window system caused by lack of proper input validation on user
| controlled data in various parts of the software, causing various
| kinds of overflows.
|

Update: The patch for the MIT-SHM vulnerability (CVE-2007-6429)
introduced a regression for applications that allocate pixmaps with a
depth of less than 8 bits. New patches are available for xserver 1.2 and
xserver 1.4:

ftp://ftp.freedesktop.org/pub/xorg/X11R7.2/patches/xorg-xserver-1.2-multiple-overflows-v2.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-multiple-overflows-v2.diff
*** Test Case ***
Compile the mitshm-testcase.c attached to this bug report (or available externally at
https://bugs.freedesktop.org/attachment.cgi?id=13779) with the command:
   cc -o mitshm-testcase mitshm-testcase.c -lXext -lX11

Log in to a session on the server under test, run the test program, and verify that it
reports only "TEST PASSED" messages, with no "TEST FAILED" or X error messages.
Work Around
N/A
Comments
N/A