From dfc8bdecf3d09b063d28c4a659e713aa1b2162913bfbb3576c085c190530b02c Mon Sep 17 00:00:00 2001
From: Stefan Dirsch
Date: Fri, 2 Sep 2011 13:53:13 +0000
Subject: [PATCH] - U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch * LZW decompress: fix for CVE-2011-2895 (bnc #709851)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-libs?expand=0&rev=168
---
 ...LZW-decompress-fix-for-CVE-2011-2895.patch | 32 +++++++++++++++++++
 xorg-x11-libs.changes | 6 ++++
 xorg-x11-libs.spec | 4 +++
 3 files changed, 42 insertions(+)
 create mode 100644 U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
diff --git a/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch b/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
new file mode 100644
index 0000000..b1bf8cd
--- /dev/null
+++ b/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
@@ -0,0 +1,32 @@
+From d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Mon Sep 17 00:00:00 2001
+From: Thomas Hoger
+Date: Mon, 8 Aug 2011 18:03:09 +0200
+Subject: [PATCH] LZW decompress: fix for CVE-2011-2895
+
+Specially crafted LZW stream can crash an application using libXfont
+that is used to open untrusted font files. With X server, this may
+allow privilege escalation when exploited
+
+Reviewed-by: Matthieu Herrb
+Signed-off-by: Matthieu Herrb
+Signed-off-by: Alan Coopersmith
+---
+ src/fontfile/decompress.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/src/fontfile/decompress.c b/src/fontfile/decompress.c
+index b1fc37b..c8171dd 100644
+--- a/src/fontfile/decompress.c
++++ b/src/fontfile/decompress.c
+@@ -259,6 +259,8 @@ BufCompressedFill (BufFilePtr f)
+ */
+ while ( code >= 256 )
+ {
++ if (stackp - de_stack >= STACK_SIZE - 1)
++ return BUFFILEEOF;
+ *stackp++ = file->tab_suffix[code];
+ code = file->tab_prefix[code];
+ }
+--
+1.7.4.1
+
diff --git a/xorg-x11-libs.changes b/xorg-x11-libs.changes
index 7e745a0..4af3ddc 100644
--- a/xorg-x11-libs.changes
+++ b/xorg-x11-libs.changes
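Review bot: In the nested patch to src/fontfile/decompress.c, the new guard inside the `while ( code >= 256 )` loop has no comment saying why it stops at `STACK_SIZE - 1` rather than `STACK_SIZE`, or why a malformed stream is reported as `BUFFILEEOF`. A line such as `/* malformed stream: prefix chain would overrun de_stack (one slot presumably kept for the byte pushed after the loop) */` above the `if` would record the intent. Returning `BUFFILEEOF` also makes a corrupt font look like a clean end of file to callers, so if the buffered-file API has a distinct error return it would be the better signal here. The loop still indexes `tab_suffix[code]` and `tab_prefix[code]` with a value derived from the untrusted stream, and the hunk does not show whether `code` is checked against the current table size first. BufCompressedFill starts and ends outside the hunk, so that check is worth confirming there.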
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep 2 13:39:04 UTC 2011 - sndirsch@suse.com
+
+- U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
+ * LZW decompress: fix for CVE-2011-2895 (bnc #709851)
+
 -------------------------------------------------------------------
 Tue Aug 30 13:04:47 UTC 2011 - sndirsch@suse.com
diff --git a/xorg-x11-libs.spec b/xorg-x11-libs.spec
index 3222608..bd8e325 100644
--- a/xorg-x11-libs.spec
+++ b/xorg-x11-libs.spec
@@ -72,6 +72,7 @@ Source90: baselibs.conf
 Patch2: libXft-2.1.7-lcd-filter-2.patch
 Patch5: libxkbui.diff
 Patch10: libXxf86misc-xcb.diff
+Patch11: U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
 %description
 This package contains the remaining X.Org libraries.
@@ -156,6 +157,9 @@ popd
 pushd libXxf86misc-*
 %patch10 -p0
 popd
+pushd libXfont-*
+%patch11 -p1
+popd
 %build
 for dir in $(ls); do