Debian has issued an advisory today (December 18):
http://lists.debian.org/debian-security-announce/2013/msg00236.html

I previously mentioned this issue in Bug 11874:
https://bugs.mageia.org/show_bug.cgi?id=11874#c1
Whiteboard: (none) => MGA3TOO
URL: (none) => http://lwn.net/Vulnerabilities/577554/
Blocks: (none) => 11726
Thierry, this patch:
http://anonscm.debian.org/gitweb/?p=pkg-xorg/xserver/xorg-server.git;a=blob;f=debian/patches/15_CVE-2013-6424.diff;h=59cc5d6446011dce201847ada05073a5b0704dcb;hb=7ba78cb7a28288ec0323f826ff22e4e38eea5918

which comes from here:
http://patchwork.freedesktop.org/patch/14769/

applies cleanly in Mageia 3 and Cauldron's x11-server versions. Should we apply it?
Why not... Go ahead
Thanks Thierry!

Patched packages uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated x11-server packages fix security vulnerability:

Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code (CVE-2013-6424).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424
http://www.debian.org/security/2013/dsa-2822
========================

Updated packages in core/updates_testing:
========================
x11-server-1.13.4-2.3.mga3
x11-server-devel-1.13.4-2.3.mga3
x11-server-common-1.13.4-2.3.mga3
x11-server-xorg-1.13.4-2.3.mga3
x11-server-xdmx-1.13.4-2.3.mga3
x11-server-xnest-1.13.4-2.3.mga3
x11-server-xvfb-1.13.4-2.3.mga3
x11-server-xephyr-1.13.4-2.3.mga3
x11-server-xfake-1.13.4-2.3.mga3
x11-server-xfbdev-1.13.4-2.3.mga3
x11-server-source-1.13.4-2.3.mga3

from x11-server-1.13.4-2.3.mga3.src.rpm
CC: (none) => thierry.vignaud
Version: Cauldron => 3
Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA3TOO => (none)
Blocks: 11726 => (none)
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
x11-server

start with default installed x11-server

[root@localhost wilcal]# urpmi x11-server
Package x11-server-1.13.4-2.2.mga3.i586 is already installed

All seems fine

install x11-server from updates_testing
Restart x

[root@localhost wilcal]# urpmi x11-server
Package x11-server-1.13.4-2.3.mga3.i586 is already installed

All seems fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
CC: (none) => wilcal.int
In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
x11-server

start with default installed x11-server

[root@localhost wilcal]# urpmi x11-server
Package x11-server-1.13.4-2.2.mga3.x86_64 is already installed

All seems fine

install x11-server from updates_testing
Restart x

[root@localhost wilcal]# urpmi x11-server
Package x11-server-1.13.4-2.3.mga3.x86_64 is already installed

All seems fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Tested mga3-64 on real hardware, installed x11-server-common and x11-server-xorg, no regressions found.
CC: (none) => wrw105
Severity: normal => major
Tested mga3-32 on real hardware. Installed x11-server-common and x11-server-xorg, no regressions noted. Will validate with libxfont shortly.
Whiteboard: advisory => advisory mga3-64-OK mga3-32-OK
Validating.

Could sysadmin please push from 3 core/updates_testing to updates?

Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0016.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED