[X2Go-Commits] [nx-libs] 03/04: Security fixes: X.Org CVE-2015-3418:

git-admin at x2go.org git-admin at x2go.org
Tue Jun 2 20:32:43 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.5.0.x
in repository nx-libs.

commit e5ff9ace4c2b5a4e04b771c2ec417ceba63218cf
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Tue Jun 2 18:27:15 2015 +0200

    Security fixes: X.Org CVE-2015-3418:
    
    v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
    v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
    
    Changes:
      - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
---
 debian/changelog                                   |    6 ++++++
 ...18-dix-Allow-zero-height-PutImage-re.full.patch |   16 ++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4d03fc4..3201670 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -175,6 +175,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low
       v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
       Changes:
       + 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch
+  * Security fixes:
+    - X.Org CVE-2015-3418:
+      v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
+      v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
+      Changes:
+      + 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
 
   [ Bernard Cafarelli ]
   * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'.
diff --git a/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
index 7b6f28c..8fc777e 100644
--- a/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
+++ b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
@@ -12,10 +12,11 @@ Date:   Fri May 1 13:09:24 2015 +0200
      Fix for regression introduced by fix for CVE-2014-8092.
 
      v2: backports to nx-libs 3.6.x (Mike Gabriel)
+     v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
+     v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
+
      Signed-off-by: Keith Packard <keithp at keithp.com>
 
-diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c
-index 5ad2f5a..ab10640 100644
 --- a/nx-X11/programs/Xserver/dix/dispatch.c
 +++ b/nx-X11/programs/Xserver/dix/dispatch.c
 @@ -2071,7 +2071,7 @@ ProcPutImage(register ClientPtr client)
@@ -27,3 +28,14 @@ index 5ad2f5a..ab10640 100644
          return BadLength;
  
      if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + 
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
+@@ -2630,7 +2630,7 @@ ProcPutImage(register ClientPtr client)
+ 
+     tmpImage = (char *)&stuff[1];
+     lengthProto = length;
+-    if (lengthProto >= (INT32_MAX / stuff->height))
++    if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height))
+         return BadLength;
+ 
+     if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + 

--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git


More information about the x2go-commits mailing list