Bugzilla – Bug 709851
VUL-0: xCVE-2011-2895: org-x11-libs: libXfont LZW decompression heap corruption
Last modified: 2019-05-01 15:29:02 UTC
Created attachment 444350 [details] lzw-tescases.tgz
Created attachment 445131 [details] libXfont-lzw-de_stack-check.diff
CVE-2011-2895
The SWAMPID for this issue is 42582. This issue was rated as important. Please submit fixed packages until 2011-08-17. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
It's public now.
Fixed for SLE11-SP2 Beta 5 (SR #14591).
Fixed for openSUSE:Factory (upcoming openSUSE 12.1), see SR #80684
openSUSE 11.3: SR #80695 openSUSE 11.4: SR #80696
patchinfo for openSUSE 11.3/11.4 also submitted.
SLE-10-SP3: SR #14598
SLE-10-SP5: SR #14600
(In reply to comment #19) > SLE-10-SP5: SR #14600 SLE-10-SP4: SR #14600
SLE-11-SP1: SR #14601
patchinfo for SLE10-SP3/SLE-10-SP4/SLE-11-SP1 also submitted. This is considered done. :-)
reassign to security for tracking
stefan, sr 14600 was automatically declined and needs to be redone: State: declined 2011-09-02T18:38:58 dirkmueller Comment: E: The package fails to build, please check sle10-sp4-s390(x) did not build. I guess it is this part: ERROR: Program is using implicit definitions of special functions. ERROR: ERROR: These functions need to use their correct prototypes to allow ERROR: the lightweight buffer overflow checking to work. ERROR: - Implicit memory/string functions need #include <string.h>. ERROR: - Implicit *printf functions need #include <stdio.h>. ERROR: - Implicit *read* functions need #include <unistd.h>. ERROR: - Implicit *recv* functions need #include <sys/socket.h>. Please investigate and fix. Problematic file(s) and their linenumbers: glcontextmodes.c: 129, 370 Please fix. Also for SLES 10 SP3, also include planned bugfix for bug 626657.
Fixed now. At least mbuild on s390/s390x succeeds with the patch I've applied. I'll take care of SLE10-SP3 (bnc #626657) ASAP.
reopen for tracking.
back to security team. 14973 State:review By:sndirsch When:2011-09-13T07:52:22 submit: home:sndirsch:branches:SUSE:SLE-10-SP4:Update:Test/xorg-x11 -> SUSE:SLE-10-SP4:Update:Test Review by Group is new maintenance-team Descr: - s390-buildfix.diff * fixes build on s390(x) - U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch * LZW decompress: fix for CVE-2011-2895 (bnc #709851)
Update released for: libpciaccess0, libpciaccess0-32bit, libpciaccess0-devel, libpciaccess0-x86, xorg-x11-devel, xorg-x11-devel-32bit, xorg-x11-libs, xorg-x11-libs-32bit, xorg-x11-libs-debuginfo, xorg-x11-libs-debuginfo-32bit, xorg-x11-libs-debuginfo-64bit, xorg-x11-libs-debuginfo-x86, xorg-x11-libs-debugsource, xorg-x11-libs-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
we still miss sles10 sp3 submission. (sp4 was fine now)
Patch (U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch) is already in /work/SRC/old-versions/10.1/SLE-SP3-UPDATES/all/xorg-x11, what's still missing is the patch to fix bnc #626657 for SLE10-SP3.
We nearly forgot sles9-sp3-teradata can you submit a fixed XFree86 against that? (uses autobuild methods)
Update released for: libpciaccess0, libpciaccess0-32bit, libpciaccess0-debuginfo, libpciaccess0-debuginfo-32bit, libpciaccess0-devel, xorg-x11-devel, xorg-x11-devel-32bit, xorg-x11-libs, xorg-x11-libs-32bit, xorg-x11-libs-debuginfo, xorg-x11-libs-debuginfo-32bit, xorg-x11-libs-debuginfo-x86, xorg-x11-libs-debugsource Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64)
Update released for: xorg-x11, xorg-x11-Xnest, xorg-x11-Xprt, xorg-x11-Xvfb, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-devel, xorg-x11-devel-32bit, xorg-x11-devel-64bit, xorg-x11-doc, xorg-x11-driver-options, xorg-x11-fonts-100dpi, xorg-x11-fonts-75dpi, xorg-x11-fonts-cyrillic, xorg-x11-fonts-scalable, xorg-x11-fonts-syriac, xorg-x11-libs, xorg-x11-libs-32bit, xorg-x11-libs-64bit, xorg-x11-libs-x86, xorg-x11-man, xorg-x11-sdk, xorg-x11-server, xorg-x11-server-glx Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
This is an autogenerated message for OBS integration: This bug (709851) was mentioned in https://build.opensuse.org/request/show/96475 Evergreen:11.1 / xorg-x11-libs
Update released for: xorg-x11, xorg-x11-Xnest, xorg-x11-Xprt, xorg-x11-Xvfb, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-devel, xorg-x11-devel-32bit, xorg-x11-devel-64bit, xorg-x11-doc, xorg-x11-driver-options, xorg-x11-fonts-100dpi, xorg-x11-fonts-75dpi, xorg-x11-fonts-cyrillic, xorg-x11-fonts-scalable, xorg-x11-fonts-syriac, xorg-x11-libs, xorg-x11-libs-32bit, xorg-x11-libs-64bit, xorg-x11-libs-x86, xorg-x11-man, xorg-x11-sdk, xorg-x11-server, xorg-x11-server-glx Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: XFree86, XFree86-Mesa, XFree86-Mesa-devel, XFree86-Xnest, XFree86-Xprt, XFree86-Xvfb, XFree86-Xvnc, XFree86-devel, XFree86-doc, XFree86-driver-options, XFree86-fonts-100dpi, XFree86-fonts-75dpi, XFree86-fonts-cyrillic, XFree86-fonts-scalable, XFree86-fonts-syriac, XFree86-libs, XFree86-man, XFree86-server, XFree86-server-glx, km_drm Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
This is an autogenerated message for OBS integration: This bug (709851) was mentioned in https://build.opensuse.org/request/show/96683 Evergreen:11.1 / xorg-x11-libs
Update released for: freetype2, freetype2-32bit, freetype2-debuginfo, freetype2-devel, freetype2-devel-32bit, ft2demos, ft2demos-debuginfo Products: SLE-SERVER 10-SP2-LTSS (i386, s390x, x86_64)