FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xserver -- multiple issue with X client request handling

Affected packages
xorg-server < 1.12.4_10,1

Details

VuXML ID 27b9b2f0-8081-11e4-b4ca-bcaec565249c
Discovery 2014-12-09
Entry 2014-12-10

Alan Coopersmith reports:

Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues.

The vulnerabilities could be exploited to cause the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

The GLX extension to the X Window System allows an X client to send X protocol to the X server, to request that the X server perform OpenGL rendering on behalf of the X client. This is known as "GLX indirect rendering", as opposed to "GLX direct rendering" where the X client submits OpenGL rendering commands directly to the GPU, bypassing the X server and avoiding the X server code for GLX protocol handling.

Most GLX indirect rendering implementations share some common ancestry, dating back to "Sample Implementation" code from Silicon Graphics, Inc (SGI), which SGI originally commercially licensed to other Unix workstation and graphics vendors, and later released as open source, so those vulnerabilities may affect other licensees of SGI's code base beyond those running code from the X.Org Foundation or the XFree86 Project.

References

CVE Name CVE-2014-8091
CVE Name CVE-2014-8092
CVE Name CVE-2014-8093
CVE Name CVE-2014-8094
CVE Name CVE-2014-8095
CVE Name CVE-2014-8096
CVE Name CVE-2014-8097
CVE Name CVE-2014-8098
CVE Name CVE-2014-8099
CVE Name CVE-2014-8100
CVE Name CVE-2014-8101
CVE Name CVE-2014-8102
URL http://lists.x.org/archives/xorg-announce/2014-December/002500.html