- U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch

* LZW decompress: fix for CVE-2011-2895 (bnc #709851) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-libs?expand=0&rev=168
2011-09-02 13:53:13 +00:00 · 2011-09-02 13:53:13 +00:00 · dfc8bdecf3
commit dfc8bdecf3
parent 78d354418c
3 changed files with 42 additions and 0 deletions
--- a/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
+++ b/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
@ -0,0 +1,32 @@
+From d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Mon Sep 17 00:00:00 2001
+From: Thomas Hoger <thoger@redhat.com>
+Date: Mon, 8 Aug 2011 18:03:09 +0200
+Subject: [PATCH] LZW decompress: fix for CVE-2011-2895
+
+Specially crafted LZW stream can crash an application using libXfont
+that is used to open untrusted font files.  With X server, this may
+allow privilege escalation when exploited
+
+Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/fontfile/decompress.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/src/fontfile/decompress.c b/src/fontfile/decompress.c
+index b1fc37b..c8171dd 100644
+--- a/src/fontfile/decompress.c
+++ b/src/fontfile/decompress.c
+@@ -259,6 +259,8 @@ BufCompressedFill (BufFilePtr f)
+      	 */
+     	while ( code >= 256 )
+     	{
+	    if (stackp - de_stack >= STACK_SIZE - 1)
+		return BUFFILEEOF;
+ 	    *stackp++ = file->tab_suffix[code];
+ 	    code = file->tab_prefix[code];
+     	}
+-- 
+1.7.4.1
+
--- a/xorg-x11-libs.changes
+++ b/xorg-x11-libs.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep  2 13:39:04 UTC 2011 - sndirsch@suse.com
+
+- U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
+  * LZW decompress: fix for CVE-2011-2895 (bnc #709851)
+
 -------------------------------------------------------------------
 Tue Aug 30 13:04:47 UTC 2011 - sndirsch@suse.com

--- a/xorg-x11-libs.spec
+++ b/xorg-x11-libs.spec
@ -72,6 +72,7 @@ Source90:       baselibs.conf
 Patch2:         libXft-2.1.7-lcd-filter-2.patch
 Patch5:         libxkbui.diff
 Patch10:        libXxf86misc-xcb.diff
+Patch11:        U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch

 %description
 This package contains the remaining X.Org libraries.
@ -156,6 +157,9 @@ popd
 pushd libXxf86misc-*
 %patch10 -p0
 popd
+pushd libXfont-*
+%patch11 -p1
+popd

 %build
 for dir in $(ls); do