Bug 11428 - xorg-x11-server - use-after-free flaw when handling ImageText requests (CVE-2013-4396)
: xorg-x11-server - use-after-free flaw when handling ImageText requests (CVE-2...
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 3
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
: http://lwn.net/Vulnerabilities/570465/
: MGA2TOO mga2-32-ok mga2-64-ok mga3-32...
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-10-10 12:22 CEST by Oden Eriksson
Modified: 2013-10-25 23:23 CEST (History)
6 users (show)

See Also:
Source RPM: x11-server
CVE:
Status comment:


Attachments

Description Oden Eriksson 2013-10-10 12:22:23 CEST
======================================================
Name: CVE-2013-4396
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130612
Category: 
Reference: MLIST:[oss-security] 20131008 Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
Reference: URL:http://openwall.com/lists/oss-security/2013/10/08/6
Reference: MLIST:[xorg-announce] 20131008 X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
Reference: URL:http://lists.x.org/archives/xorg-announce/2013-October/002332.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1014561

Use-after-free vulnerability in the doImageText function in
dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11
allows remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted ImageText
request that triggers memory-allocation failure.
Description of problem:




Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-10-11 00:31:38 CEST
FYI the upstream patch applies in our Mageia 3 and Cauldron packages, but not in the Mageia 2 one.  It'll need rewritten for that version.
Comment 2 David Walser 2013-10-11 10:27:35 CEST
Updated by Funda.

Advisory:
========================

Updated x11-server packages fix security vulnerability:

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in
the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated
users to cause a denial of service (daemon crash) or possibly execute arbitrary
code via a crafted ImageText request that triggers memory-allocation failure
(CVE-2013-4396).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4396
http://lists.x.org/archives/xorg-announce/2013-October/002332.html
https://bugzilla.redhat.com/show_bug.cgi?id=1014561
========================

Updated packages in core/updates_testing:
========================
x11-server-1.11.4-2.4.mga2
x11-server-devel-1.11.4-2.4.mga2
x11-server-common-1.11.4-2.4.mga2
x11-server-xorg-1.11.4-2.4.mga2
x11-server-xdmx-1.11.4-2.4.mga2
x11-server-xnest-1.11.4-2.4.mga2
x11-server-xvfb-1.11.4-2.4.mga2
x11-server-xephyr-1.11.4-2.4.mga2
x11-server-xfake-1.11.4-2.4.mga2
x11-server-xfbdev-1.11.4-2.4.mga2
x11-server-source-1.11.4-2.4.mga2
x11-server-1.13.4-2.2.mga3
x11-server-devel-1.13.4-2.2.mga3
x11-server-common-1.13.4-2.2.mga3
x11-server-xorg-1.13.4-2.2.mga3
x11-server-xdmx-1.13.4-2.2.mga3
x11-server-xnest-1.13.4-2.2.mga3
x11-server-xvfb-1.13.4-2.2.mga3
x11-server-xephyr-1.13.4-2.2.mga3
x11-server-xfake-1.13.4-2.2.mga3
x11-server-xfbdev-1.13.4-2.2.mga3
x11-server-source-1.13.4-2.2.mga3

from SRPMS:
x11-server-1.11.4-2.4.mga2.src.rpm
x11-server-1.13.4-2.2.mga3.src.rpm
Comment 3 David Walser 2013-10-11 10:27:52 CEST
*** Bug 11440 has been marked as a duplicate of this bug. ***
Comment 4 Lewis Smith 2013-10-15 20:15:17 CEST
MGA£ 32-bit

Updated x11-server-1.13.4-2.2.mga3 & x11-server-common-1.13.4-2.2.mga3
No new problems noted.
Comment 5 David Walser 2013-10-16 18:19:04 CEST
RedHat has issued an advisory for this on October 15:
https://rhn.redhat.com/errata/RHSA-2013-1426.html

Updating the reference in the advisory.

Advisory:
========================

Updated x11-server packages fix security vulnerability:

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in
the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated
users to cause a denial of service (daemon crash) or possibly execute arbitrary
code via a crafted ImageText request that triggers memory-allocation failure
(CVE-2013-4396).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4396
http://lists.x.org/archives/xorg-announce/2013-October/002332.html
https://rhn.redhat.com/errata/RHSA-2013-1426.html
========================

Updated packages in core/updates_testing:
========================
x11-server-1.11.4-2.4.mga2
x11-server-devel-1.11.4-2.4.mga2
x11-server-common-1.11.4-2.4.mga2
x11-server-xorg-1.11.4-2.4.mga2
x11-server-xdmx-1.11.4-2.4.mga2
x11-server-xnest-1.11.4-2.4.mga2
x11-server-xvfb-1.11.4-2.4.mga2
x11-server-xephyr-1.11.4-2.4.mga2
x11-server-xfake-1.11.4-2.4.mga2
x11-server-xfbdev-1.11.4-2.4.mga2
x11-server-source-1.11.4-2.4.mga2
x11-server-1.13.4-2.2.mga3
x11-server-devel-1.13.4-2.2.mga3
x11-server-common-1.13.4-2.2.mga3
x11-server-xorg-1.13.4-2.2.mga3
x11-server-xdmx-1.13.4-2.2.mga3
x11-server-xnest-1.13.4-2.2.mga3
x11-server-xvfb-1.13.4-2.2.mga3
x11-server-xephyr-1.13.4-2.2.mga3
x11-server-xfake-1.13.4-2.2.mga3
x11-server-xfbdev-1.13.4-2.2.mga3
x11-server-source-1.13.4-2.2.mga3

from SRPMS:
x11-server-1.11.4-2.4.mga2.src.rpm
x11-server-1.13.4-2.2.mga3.src.rpm
Comment 6 William Kenney 2013-10-16 18:35:38 CEST
In VirtualBox, M2, KDE, 32-bit

Package(s) under test:
x11-server-common x11-server-xorg


[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.11.4-2.2.mga2.i586 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.11.4-2.2.mga2.i586 is already installed
KDE operating normally

Install x11-server-common & x11-server-xorg updates from core updates_testing

reboot

[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.11.4-2.4.mga2.i586 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.11.4-2.4.mga2.i586 is already installed
KDE operating normally


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 7 William Kenney 2013-10-16 18:36:10 CEST
In VirtualBox, M2, KDE, 64-bit

Package(s) under test:
x11-server-common x11-server-xorg


[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.11.4-2.2.mga2.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.11.4-2.2.mga2.x86_64 is already installed
KDE operating normally

Install x11-server-common & x11-server-xorg updates from core updates_testing

reboot

[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.11.4-2.4.mga2.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.11.4-2.4.mga2.x86_64 is already installed
KDE operating normally


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 8 William Kenney 2013-10-16 18:36:37 CEST
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
x11-server-common x11-server-xorg


Default package installed:
[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.13.4-2.mga3.i586 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.13.4-2.mga3.i586 is already installed
KDE operating normally

Install x11-server-common & x11-server-xorg updates from core updates_testing

reboot

[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.13.4-2.2.mga3.i586 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.13.4-2.2.mga3.i586 is already installed
KDE operating normally


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 9 William Kenney 2013-10-16 18:37:02 CEST
In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
x11-server-common x11-server-xorg


[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.13.4-2.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.13.4-2.mga3.x86_64 is already installed
KDE operating normally

Install x11-server-common & x11-server-xorg updates from core updates_testing

reboot

[root@localhost wilcal]# urpmi x11-server-common
Package x11-server-common-1.13.4-2.2.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-server-xorg
Package x11-server-xorg-1.13.4-2.2.mga3.x86_64 is already installed
KDE operating normally


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 10 claire robinson 2013-10-24 10:09:21 CEST
Adding missing whiteboard tags from previous testing
Comment 11 claire robinson 2013-10-24 10:15:36 CEST
Advisory uploaded. Validating.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!
Comment 12 Thomas Backlund 2013-10-25 23:23:28 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0317.html

Note You need to log in before you can comment on or make changes to this bug.