ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 551193] Re: typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <551193@xxxxxxxxxxxxxxxxxx>
Date: Tue, 18 May 2010 21:04:21 -0000
Reply-to: Bug 551193 <551193@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package xorg-server - 2:1.6.0-0ubuntu14.2

---------------
xorg-server (2:1.6.0-0ubuntu14.2) jaunty-security; urgency=low

  * SECURITY UPDATE: incorrect mod() macro could result in crashes
    caused by remote attackers (LP: #551193).
    - Added debian/patches/xaa-fbcomposite-fix-negative-size.patch
    - CVE-2010-1166
  * SECURITY UPDATE: xvfb MCOOKIE value could be hijacked due to
    visiblity on the command-line,
    - Updated debian/local/xvfb-run from Debian upstream:
      http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commitdiff;h=ecf09e571198ee16256a5efd1c23fd286a4f2249;hp=cbccf51785b500f51dc974ed05f5512181d4c51f
    - CVE-2009-1573
 -- Kees Cook <kees@xxxxxxxxxx>   Thu, 06 May 2010 13:23:52 -0700

** Changed in: xorg-server (Ubuntu Hardy)
       Status: New => Fix Released

-- 
typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit
https://bugs.launchpad.net/bugs/551193
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in ubuntu.

References

[Bug 551193] [NEW] typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit
From: Kees Cook, 2010-03-29